Skip to content

Script for signing linux-kernel-modules for secureboot with own key

License

Notifications You must be signed in to change notification settings

xundeenergie/secureboot_modulsign

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Sign linux-kernel-modules with own key for secureboot

  • Create key-pair

        ./sign-modules.sh -c
    

    you get asked for a Password for the new key. Remember it, you'll need it a reboot once to confirm the new installed key.

  • Sign your proprietary modules

        Usage sign modules: 
            ./sign-modules.sh <modulename> [<modulename>] [<modulename>]...
            ./sign-modules.sh -k <kernelversion> <modulename> [<modulename>] [<modulename>]...
            ./sign-modules.sh -k <kernelversion> -f <modulesfile>
            ./sign-modules.sh -f <modulesfile>
    
        -k <kernelversion>      output of »uname -r«
                                if not given, it takes current kernelversion
    
        -f <modulesfile>        plaintext file with newlineseparated list of modules to sign    
    
  • Reboot

If you have a Dualboot with Windows and Bitlocker, you have to type in you Recreation-Key for Bitlocker on first boot in Windows, because you added a key to UEFI

Every time you install a new kernel, you have to boot to the new kernel and run

```
    ./sign-modules.sh -k <kernelversion> -f <modulesfile>
```
  • Reboot

again.

About

Script for signing linux-kernel-modules for secureboot with own key

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages