[CentOS] signing modules

Mon Mar 16 17:18:15 UTC 2020
Phil Perry <pperry at elrepo.org>

On 16/03/2020 16:42, Jerry Geis wrote:
>> You need to turn off secure booting - you can still boot using UEFI,
>> but if secure booting is turned on the kernel doesn't allow unsigned
>> modules.
> 
> Thanks - so is that command line to run? Config file to edit?
> 
> I ran mokutil --disable-verification and rebooted
> I don't desire that MOK management screen to show - how do you get rid of
> that?
> 
> After rebooting my module still does not load.
> 

Rather than disabling a security feature, why don't you generate a 
Secure Boot signing key and sign your module?

Please see the RHEL documentation here:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Kernel_Administration_Guide/sect-signing-kernel-modules-for-secure-boot.html

Elrepo has a guide here on how to import your Secure Boot signing key 
once you have signed your module:

http://elrepo.org/tiki/SecureBootKey

Phil
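
The workflow suggested in the reply above (generate a key, sign the module, import the key into the MOK list), sketched as shell functions. This is an added example, not part of the original message and not taken from the RHEL or ELRepo guides; the file names, the certificate CN and the kernel-devel path of `sign-file` are assumptions.

```sh
#!/bin/sh
# Added example. Source this file, then call the functions in order:
#   generate_signing_key mok.priv mok.der "Example module signing key"
#   sign_module mok.priv mok.der mymodule.ko
#   enroll_key mok.der      # then reboot and confirm in the MOK management screen
# All file names and the CN above are placeholders.

# Trailer that the kernel's sign-file helper appends after the signature (followed by "\n").
MAGIC='~Module signature appended~'

# Return 0 if an uncompressed .ko ends with the signature trailer, 1 if not, 2 if missing.
# A .ko.xz must be decompressed first; this checks presence, not validity, of a signature.
module_is_signed() {
    [ -f "$1" ] || return 2
    # $(...) strips the trailing newline; tr drops NUL bytes an unsigned binary may end with.
    [ "$(tail -c 28 "$1" | tr -d '\0')" = "$MAGIC" ]
}

# Create a self-signed key pair: PEM private key plus DER certificate for MOK enrolment.
generate_signing_key() {   # args: <key.priv> <cert.der> <common name>
    ( umask 077            # keep the unencrypted private key readable by its owner only
      openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
          -subj "/CN=$3/" -keyout "$1" -outform DER -out "$2" )
}

# Append a signature using the sign-file helper from the running kernel's devel tree.
sign_module() {            # args: <key.priv> <cert.der> <module.ko>
    sf="/usr/src/kernels/$(uname -r)/scripts/sign-file"   # assumed kernel-devel location
    [ -x "$sf" ] || { echo "sign-file not found; install kernel-devel" >&2; return 1; }
    "$sf" sha256 "$1" "$2" "$3" && module_is_signed "$3"
}

# Queue the certificate for enrolment; mokutil prompts for a one-time password that
# the MOK management screen asks for again on the next boot.
enroll_key() {             # args: <cert.der>
    mokutil --import "$1"
}
```

Once the key is enrolled and the module signed, Secure Boot verification can stay enabled; `module_is_signed` gives a quick pre-load check that a rebuilt module was not left unsigned.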