LukeShortCloud / rootpages

Root Pages is a collection of easy-to-reference tutorials and guides primarily for Linux and other UNIX-like systems.

[storage][bootloaders] Manually add custom keys to UEFI #1026

Closed LukeShortCloud closed 3 months ago

LukeShortCloud commented 11 months ago

This allows for self-signed kernels and kernel modules to be trusted as part of the secure boot process.

https://github.com/NVIDIA/yum-packaging-precompiled-kmod/blob/main/UEFI.md

LukeShortCloud commented 11 months ago
### Enroll key in MOK

#### Download the X.509 certificate public key

Note: skip this step if using your own certificate.

- [NVIDIA 2019 for RHEL8](https://developer.download.nvidia.com/compute/cuda/repos/rhel8/x86_64/NVIDIA2019-public_key.der): NVIDIA2019-public_key.der
- [See table](https://developer.download.nvidia.com/compute/cuda/repos/rhel8/x86_64/precompiled/) for supported kmod packages
- Key is subject to change in a future release

#### mokutil

```
$ sudo mokutil --import *public_key.der
```

Note: you will be asked to create a new password (between 1-256 characters).

```
$ sudo mokutil --list-new | grep Issuer
```

Note: the key to be enrolled should be listed.

#### UEFI environment

On the next reboot, the MOK management interface will load.

UEFI enroll in MOK

1. Press a key to continue.
2. Select enroll MOK
3. Select view key
4. Confirm the key is correct
5. Select yes to enroll the key into db
6. Input the password created from the mokutil step
7. Select reboot

The NVIDIA kernel modules will load.
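A pre-enrollment check for the `mokutil --import` step above, added here as an example and not part of the issue or the linked NVIDIA document: it compares the certificate's SHA-256 fingerprint with a pinned value before running the two `mokutil` commands from the page. The pin and the script name are assumptions; the page gives no fingerprint, so the pin has to come from a source you already trust.

```shell
#!/bin/sh
# Added example: refuse to stage a certificate for MOK enrollment unless its
# SHA-256 fingerprint matches a value obtained out of band.

# SHA-256 of the file's bytes, lowercase hex. For a DER-encoded certificate
# this is the certificate's SHA-256 fingerprint without the colons.
der_sha256() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Accept "AA:BB:..." or "aabb..." and return plain lowercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_der_pin() {
    _der="$1"
    _want="$(normalize_fp "$2")"
    [ -f "$_der" ] || { echo "no such file: $_der" >&2; return 2; }
    case "$_want" in
        ''|*[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#_want}" -eq 64 ] || { echo "pin is not 64 hex digits" >&2; return 2; }
    _got="$(der_sha256 "$_der")"
    if [ "$_got" != "$_want" ]; then
        echo "fingerprint mismatch: got $_got" >&2
        return 1
    fi
    return 0
}

# Usage (hypothetical script name): ./mok-import-pinned.sh <cert.der> <sha256-pin>
# Runs the page's two mokutil commands only after the pin check passes.
if [ "$#" -eq 2 ]; then
    verify_der_pin "$1" "$2" || exit $?
    sudo mokutil --import "$1"
    sudo mokutil --list-new | grep Issuer
fi
```

Passing an explicit file name instead of the `*public_key.der` glob also ensures that only the certificate that was checked is staged.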