On 16/03/2020 20:23, Jerry Geis wrote:
Ok I tried signing a module... Did not work.
- openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER
-out MOK.der -nodes -days 36500 -subj '/CN=dahdi Modules/' Generating a 2048 bit RSA private key ......................................+++ ..............................................................................+++ writing new private key to 'MOK.priv'
++ uname -r ++ modinfo -n dahdi
- /usr/src/kernels/3.10.0-1062.12.1.el7.x86_64/scripts/sign-file sha256
./MOK.priv ./MOK.der /lib/modules/3.10.0-1062.12.1.el7.x86_64/dahdi/dahdi.ko
service dahdi restart Restarting dahdi (via systemctl): Job for dahdi.service failed because the control process exited with error code. See "systemctl status dahdi.service" and "journalctl -xe" for details. [FAILED]
Mar 16 16:20:12 dahdi[12787]: Loading DAHDI hardware modules: Mar 16 16:20:12 dahdi[12787]: modprobe: ERROR: could not insert 'dahdi': Required key not available Mar 16 16:20:12 kernel: Request for unknown module key 'dahdi Modules: 3e93f14b19188e27f6dbfaf5ad47474abb9606fc' err -11
Did I miss something ?
Looks like you did not enroll your signing key in the MOK list as the kernel is telling you it can not find your key to verify the signing of the module?
Read the two links I posted earlier, and links therein. That is the best documentation that exists AFAIK.
Phil