Bug 1615744
| Summary: | Kernel module signing instructions for Secure Boot contain errors | ||
|---|---|---|---|
| Product: | [Retired] Fedora Documentation | Reporter: | Andrew Henry <adhenry.9> |
| Component: | system-administrator's-guide | Assignee: | Petr Bokoc <pbokoc> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Docs QA <docs-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | devel | CC: | mmethot, nicolasoliver03, swadeley |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2024-05-21 12:49:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Andrew Henry
2018-08-14 07:19:21 UTC
Note that to get all info about keys inc Microsodt one, also need to run: keyctl list %:.secondary_trusted_keys This has been addressed in the newer docs: - https://docs.fedoraproject.org/en-US/fedora/f32/system-administrators-guide/kernel-module-driver-configuration/Working_with_Kernel_Modules/#sect-signing-kernel-modules-for-secure-boot Great docs! The only missing thing I see is how you re-sign a module with a custom key. For example, I am using my own Secure Boot PK, KEK, DB and DBX, and I have a custom signed kernel. How do I pull already signed modules from the fedora repos and re-sign with my custom key so they can work on Secure Boot. The docs in https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html does not say anything about it, and assumes you are compiling the module. Do you need to remove the previous signature, or can you append the new signature? Other than that, I think the docs are great :) Looks like the original problem has been addressed. I copied comment #3 into a new issue in GitLab: https://gitlab.com/fedora/docs/fedora-linux-documentation/fedora-linux-sysadmin-guide/-/issues/13 I'm working on closing all Fedora Docs components in Bugzilla, so please use Gitlab in the future to report any problems. |