jakob/sign-modules
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
Kernel Module für UEFI signieren in Linux
9 commits 1 branch 0 tags 90 KiB
Shell 100%
Find a file
Jakobus Schürz 59156d031c Ignore lines beginning with '#' and empty lines
2019-08-10 09:21:44 +02:00
.gitignore README angepasst, modules.example added 2019-07-17 23:31:52 +02:00
LICENSE Initial commit 2018-12-11 09:29:10 +01:00
modules.example README angepasst, modules.example added 2019-07-17 23:31:52 +02:00
README.md README angepasst, modules.example added 2019-07-17 23:31:52 +02:00
sign-modules.sh Ignore lines beginning with '#' and empty lines 2019-08-10 09:21:44 +02:00

README.md

Sign linux-kernel-modules with own key for secureboot

  • Create key-pair

        ./sign-modules.sh -c

    you get asked for a Password for the new key. Remember it, you'll need it a reboot once to confirm the new installed key.

  • Sign your proprietary modules

        Usage sign modules: 
        ./sign-modules.sh <modulename> [<modulename>] [<modulename>]...
        ./sign-modules.sh -k <kernelversion> <modulename> [<modulename>] [<modulename>]...
        ./sign-modules.sh -k <kernelversion> -f <modulesfile>
        ./sign-modules.sh -f <modulesfile>

    -k <kernelversion>      output of »uname -r«
                            if not given, it takes current kernelversion

    -f <modulesfile>        plaintext file with newlineseparated list of modules to sign

  • Reboot

If you have a Dualboot with Windows and Bitlocker, you have to type in you Recreation-Key for Bitlocker on first boot in Windows, because you added a key to UEFI

Every time you install a new kernel, you have to boot to the new kernel and run

```
    ./sign-modules.sh -k <kernelversion> -f <modulesfile>
```
  • Reboot

again.