monterr/UEFI-SecureBoot-SignTool

coprserver · October 24, 2019, 12:38pm

The default signed Linux kernel on Ubuntu (>=16.04.x), Fedora and perhaps on other distributions as well, won't load unsigned external kernel modules if Secure Boot is enabled on UEFI systems. Hence, any external kernel modules like the proprietary Nvidia kernel driver, Oracle VM VirtualBox's host/guest kernel driver etc. won't work. External kernel modules must be signed for UEFI Secure Boot using a Machine Owner Key (MOK). This is useful if you can't or don't wish to disable Secure Boot on your UEFI-enabled system. UEFI Secure Boot Sign Tool can be used to sign kernel modules. Essentially, it is a wrapper around the sign-file binary in the kernel sources. The systemd service can be enabled to automatically sign specific kernel modules with user's own once setup is complete.

This is a companion discussion topic for the original entry at https://copr.fedorainfracloud.org/coprs/monterr/uefi-secureboot-signTool/

Topic		Replies	Views
Signing nvidia drivers Ask Fedora f34 , rpmfusion , nvidia , kernel	2	1498	July 25, 2021
How can I sign my self-built kernel with my own key? Ask Fedora	3	833	September 15, 2021
Problem using signed kernel module Ask Fedora f29	1	1415	May 10, 2019
UEFI Secure boot sign for custom kernel modules help Ask Fedora	2	352	March 22, 2023
Installing nvidia drivers on a fedora 36 (in dual boot with windows 11) with secure boot enabled Ask Fedora f36 , secure-boot , dual-boot , intel , nvidia	29	19959	July 5, 2022

monterr/UEFI-SecureBoot-SignTool

Related topics