similar to: signing modules

HI all- Thanks for the comments. However -I'm getting no where. Let me start again. My 'hardware" does not have the ability to turn off secure boot. Its an Intel NUC7C - not possible. SO instead of my generic "image" i have that I copy to physical disk (has all my install,setup etc... everything ready). I created a new UEFI disk that again has everything setup and ready.

Hi Phil, Your correct. I missed a step about importing the key: mokutil --import MOK.der So then I rebooted entered teh MOK, accepted all certs and rebooted and it loaded. I only have one problem with this... many of my systems are remote. I "will not" be able to remotely enter the MOK and accept the certs etc... How do I get around this? Recall that my hardware (NUC7C) does not

Hi I took a UEFI image of CentOS 7.7, (dahdi runs on the image). copied that to a physical disk with dd, booted the image and dahdi does not start. doing service dahdi restart says "could not insert dahdi module - the required key is not found." How do I get dahdi to be happy ? it is "NOT" possible to disable UEFI on my hardware. Kernel is 3.10.0-1062.12.el7 I saw

On Thu, Dec 14, 2017 at 5:39 AM, Gary Stainburn <gary at ringways.co.uk> wrote: > After getting nowhere with the mokutil command I decided to use the other > option and turn off secure boot in the BIOS settings. > > I had been loathed to do this because every time I do anything in the BIOS > it > stuffs the boot order and reverts to booting straight into Win8. Guess >

On Monday 11 December 2017 18:50:06 Akemi Yagi wrote: > ?As far as I know, the contents on the CentOS wiki are for CentOS 7.3 (or > earlier) and a patch is needed to use the driver under 7.4. > > You may want to go to the ELRepo article that is referenced on that page ( > http://elrepo.org/tiki/wl-kmod > ? )?. The ELRepo instructions are up to date and should cover EL7.4. >

>You need to turn off secure booting - you can still boot using UEFI, >but if secure booting is turned on the kernel doesn't allow unsigned >modules. Thanks - so is that command line to run ? Config file to edit ? I ran mokutil --disable-verification and rebooted I dont desire that MOK management screen to show - how do you get rid of that ? After rebooting my module still does not

At 04:18 PM 8/4/2020, you wrote: >Am 05.08.20 um 01:09 schrieb david: >>At 01:54 PM 8/4/2020, you wrote: >>>On Tue, 04 Aug 2020 13:44:05 -0700 >>>david wrote: >>> >>> > After all the updates, the system was NOT bootable. >>> >>>How long did you wait for it to boot, and what >>>did it do when it failed to boot?? What text

On 02/08/2020 16:26, Valeri Galtsev wrote: > > On the side note: it is Microsoft that signs one of Linux packages now. We seem to have made one more step away from ?our? computers being _our computers_. Am I wrong? > > Valeri > Microsoft are the Certificate Authority for SecureBoot and most SB-enabled hardware (most x86 hardware) comes with a copy of the Microsoft key

Hi all, I had the same problem with my UEFI bios machine and I fixed it so for Centos 7: 1) Boot from an rescue linux usb 2) When the rescue system is running: ??? 2.1) #chroot /mnt/sysimage 3) Config network: ??? 3.1) # ip addr add X.X.X.X/X dev X ??? 3.2) # ip route add default via X.X.X.X??? <--- default router 4) And finally: ??? #yum downgrade shim\* grub2\* mokutil ???

At 05:01 PM 8/4/2020, you wrote: >Am 05.08.20 um 01:27 schrieb david: >>At 04:18 PM 8/4/2020, you wrote: >>>Am 05.08.20 um 01:09 schrieb david: >>>>At 01:54 PM 8/4/2020, you wrote: >>>>>On Tue, 04 Aug 2020 13:44:05 -0700 >>>>>david wrote: >>>>> >>>>> > After all the updates, the system was NOT bootable.

On 02/08/2020 19:54, John Pierce wrote: > On Sun, Aug 2, 2020 at 11:45 AM Phil Perry <pperry at elrepo.org> wrote: > >> On 02/08/2020 16:26, Valeri Galtsev wrote: >>> >>> On the side note: it is Microsoft that signs one of Linux packages now. >> We seem to have made one more step away from ?our? computers being _our >> computers_. Am I wrong?

On 8/2/20 2:47 AM, Alessandro Baggi wrote: > > Il 02/08/20 00:42, Mike McCarthy, W1NR ha scritto: > > It appears that it is affecting multiple distributions including Debian > > and Ubuntu so it looks like the grub2 team messed up. See > > > > https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/ > > > > >

Hi, another question.With secure boot on, I make a kernel module test.ko Then insmod test.ko: [root at localhost linux]# insmod test.ko insmod: ERROR: could not insert module test.ko: Required key not available How can I sign my test.ko for CentOS7.1? If I set secure boot off, insmod test.ko will be successful. w.k. ------------------ Original ------------------

On 1/22/2016 2:24 PM, Gordon Messmer wrote: > On 01/22/2016 01:56 PM, John R Pierce wrote: >> Sure, if someone has penetrated my IPMI and/or virtualization >> management, I'm already in a world of hurt > > Exactly. IPMI should be on a dedicated VLAN with a bastion host. No > other systems should have access to it at all. The servers, > especially, should not

On 1/22/2016 11:00 AM, Eero Volotinen wrote: > It works on linux, it can't be secure? if you can insert a custom Machine Owner Key into this keyring, then anyone with sufficient ingenuity can, too. which renders the whole signature thing moot, other than as another step to be cracked. -- john r pierce, recycling bits in santa cruz

On 1/22/2016 3:42 PM, Gordon Messmer wrote: > On 01/22/2016 02:38 PM, John R Pierce wrote: >> for that matter, what about a VM running on a service like Amazon AWS >> (or pick your virtual server environment) ? AWS provides a remote >> console, doesn't it? > > AWS doesn't offer UEFI Secure Boot, so I'm not sure how that's relevant. > > It

Il 05/08/19 18:07, Akemi Yagi ha scritto: > On Mon, Aug 5, 2019 at 9:01 AM Alessandro Baggi > <alessandro.baggi at gmail.com> wrote: >> >> Il 05/08/19 17:49, Akemi Yagi ha scritto: >>> On Mon, Aug 5, 2019 at 8:42 AM Alessandro Baggi >>> <alessandro.baggi at gmail.com> wrote: >>>> >>>> Il 05/08/19 17:30, Akemi Yagi ha scritto:

Ok I tried signing a module... Did not work. + openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj '/CN=dahdi Modules/' Generating a 2048 bit RSA private key ......................................+++ ..............................................................................+++ writing new private key to 'MOK.priv' -----

Il 05/08/19 20:07, Akemi Yagi ha scritto: > On Mon, Aug 5, 2019 at 9:21 AM Alessandro Baggi > <alessandro.baggi at gmail.com> wrote: >> >> Il 05/08/19 18:07, Akemi Yagi ha scritto: >>> On Mon, Aug 5, 2019 at 9:01 AM Alessandro Baggi >>> <alessandro.baggi at gmail.com> wrote: > >>> Do you have secureboot enabled? Then yes, that requires a

I installed my first UEFI disk yesterday. Seemed to go fine. CentOS 7.6 x86_64 I then took that disk "out" of that machine and put it another machine - it seems to not even boot. I put the original disk back in that machine and it boots fine. I put the UEFI disk back in the machine I built it on and it works fine. They are similar machines either and i3 and i7. Shouldn't that work?