search for: mok

HI all- Thanks for the comments. However -I'm getting no where. Let me start again. My 'hardware" does not have the ability to turn off secure boot. Its an Intel NUC7C - not possible. SO instead of my generic "image" i have that I copy to physical disk (has all my install,setup etc... everything ready). I created a new UEFI disk that again has everything setup and ready.

Hello, I'm using dovecot 1.0.3 and Dovecot Sieve plugin 1.0.2. Sieve script works fine with normal addresses, like user at domain.., and messages marked with "X-Spam-Flag: YES" are delivered directly to INBOX.Spam. To make deliver understand recipient_delimiter I tried two methods, the first one as per wiki (tweaking postfix master.cf), and the second one by tweaking

...Tcl/Tk support: yes R profiling support: yes R as a shared library: no configure: warning: you cannot build info versions of the R manuals After running gmake: gmake[3]: ar: Command not found gmake[3]: *** [libappl.a] Error 127 gmake[3]: Leaving directory `/home/eecs/moks/R/R-1.2.1/src/appl'' gmake[2]: *** [R] Error 2 gmake[2]: Leaving directory `/home/eecs/moks/R/R-1.2.1/src/appl'' gmake[1]: *** [R] Error 1 gmake[1]: Leaving directory `/home/eecs/moks/R/R-1.2.1/src'' gmake: *** [R] Error 1 After running gmake check gmake[4]: *** No rule...

Ok I tried signing a module... Did not work. + openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj '/CN=dahdi Modules/' Generating a 2048 bit RSA private key ......................................+++ ..............................................................................+++ writing new private key to 'MOK.priv' -----...

...signed by Microsoft to work. In the case of linux, that is the shim which becomes the root of trust to load everything else. If you are not happy with that you can always become your own certificate authority by generating your own keys, install your signing keys in the hardware's firmware (MOK list) and sign stuff yourself to use on your own machine(s). However if you wish to distribute stuff to others and have it work seamlessly on hardware outside of your direct control and without the need for every user to import your CA SecureBoot signing key into the MOK list on every device,...

Hi Phil, Your correct. I missed a step about importing the key: mokutil --import MOK.der So then I rebooted entered teh MOK, accepted all certs and rebooted and it loaded. I only have one problem with this... many of my systems are remote. I "will not" be able to remotely enter the MOK and accept the certs etc... How do I get around this? Recall that m...

Hi, I am having a strange problem, where I cannot get pam_access to work as intended. I have placed the following line in /etc/pam.d/system-auth account required /lib/security/pam_access.so Then, in /etc/security/access.conf, I have put the following line: -:mok:10.14.44.104 I.e. I should prevent myself from logging on from host 10.14.44.104. However, when I try to log on (using ssh) from the specified host, I get in without a problem. There is nothing in the logs. It does not help restarting sshd, or rebooting. It does not help putting "ALL"...

Is there an "easy" way to just sign all kernel modules in the /lib/modules directory ? I'm getting an error about a module not being signed so not loading. CentOS 7.7 UEFI booting. (I cannot remove UEFI as hardware does not allow it). Thanks, Jerry

...> On 01/21/2016 11:33 PM, wk wrote: >> How can I sign my test.ko for CentOS7.1? > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html what a pile of security theater that MOK thing is. theater of the absurd, anyways. -- john r pierce, recycling bits in santa cruz

...icrosoft to work. In the case of linux, that is the shim which becomes > the root of trust to load everything else. If you are not happy with > that you can always become your own certificate authority by generating > your own keys, install your signing keys in the hardware's firmware (MOK > list) and sign stuff yourself to use on your own machine(s). > > However if you wish to distribute stuff to others and have it work > seamlessly on hardware outside of your direct control and without the > need for every user to import your CA SecureBoot signing key into the > M...

...with this? And any advice to offer? Cheers, Morten -- Morten Kjeldgaard, Asc. professor, Ph.D. Department of Molecular Biology, Aarhus University Gustav Wieds Vej 10 C, DK-8000 Aarhus C, Denmark Lab +45 89425026 * Mobile +45 51860147 * Fax +45 86123178 Home +45 86188180 * http://www.bioxray.dk/~mok

...work. In the case of linux, that is the shim which becomes >> the root of trust to load everything else. If you are not happy with >> that you can always become your own certificate authority by generating >> your own keys, install your signing keys in the hardware's firmware (MOK >> list) and sign stuff yourself to use on your own machine(s). >> >> However if you wish to distribute stuff to others and have it work >> seamlessly on hardware outside of your direct control and without the >> need for every user to import your CA SecureBoot signing...

...x509 -inform der -text -noout|grep -A2 Validity While technically it doesn't really matter for Secureboot itself, it was better to get a new key/cert rolled-in and use the new one for new builds. That's where it's interesting as because shim embeds the certs in the Machine Owner Key (MOK), and that each other component used in the boot chain is validated against that (so grub2 first, then kernel and kernel modules) that means that once deployed , the new shim would not be able to boot previous grub2/kernel. But there is a solution for that : instead of "embedding" only t...

Hello there, I am trying to compute the 3 months return momentum with the timeSeries x.ts, which is just a subset of simple returns from a much bigger series, > class(x.ts) [1] "timeSeries" attr(,"package") [1] "timeSeries" > dim(x.ts) [1] 20 3 > x.ts[1:8,] GMT MS.US AAPL.US CA.FP 1996-01-31 0.15159065 -0.133391894

...w to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users -- Pozdrawiam, Łukasz Grzywański Voice Architect Mok Yok IT Sp. z o.o. ul. Rzeźnicza 32/33, 50-130 Wrocław, Polska tel. +48 717227200, fax +48 717227299 mob.: +48 517255333, e-mail: lukasz.grzywanski at mokyokit.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/att...

On 8/2/20 2:47 AM, Alessandro Baggi wrote: > > Il 02/08/20 00:42, Mike McCarthy, W1NR ha scritto: > > It appears that it is affecting multiple distributions including Debian > > and Ubuntu so it looks like the grub2 team messed up. See > > > > https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/ > > > > >

...How can I sign my test.ko for CentOS7.1? >>> >> >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html >> > > > what a pile of security theater that MOK thing is. theater of the > absurd, anyways. > > > > -- > john r pierce, recycling bits in santa cruz > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >

>You need to turn off secure booting - you can still boot using UEFI, >but if secure booting is turned on the kernel doesn't allow unsigned >modules. Thanks - so is that command line to run ? Config file to edit ? I ran mokutil --disable-verification and rebooted I dont desire that MOK management screen to show - how do you get rid of that ? After rebooting my module still does not load. Jerry

From: Morten Kjeldgaard <mok at bioxray.dk> > I am a bit puzzled at the versioning scheme of the RedHat clone family. > RedHat seems to use integer 4, Tao and Centos does the same. If you do > rpm -q --qf '%{version}\n' -f /etc/redhat-release > you get '4'. > However, Scientific Linux uses 4.0...

...and cast your vote! Cheers, Morten -- Morten Kjeldgaard, Asc. professor, Ph.D. Department of Molecular Biology, Aarhus University Gustav Wieds Vej 10 C, DK-8000 Aarhus C, Denmark Lab +45 89425026 * Mobile +45 51860147 * Fax +45 86123178 Home +45 86188180 * ICQ 27224900 * http://www.bioxray.dk/~mok