search

frederik-h / acer-wmi-battery

A linux kernel driver for the Acer WMI battery health control interface
GNU General Public License v2.0
113 stars 15 forks source link

good for acer travelmate vero TMV15-51 #44

Closed mochechan closed 5 months ago

mochechan commented 5 months ago

The code is good for acer travelmate vero TMV15-51 after disabling the secure boot.

The code can be compiled succfully after installing the following package.

sudo apt -y install dwarves
sudo cp -avi /sys/kernel/btf/vmlinux /usr/lib/modules/`uname -r`/build/

Thanks for providing a practical original code that I need it a lot. After compiling the code, the message "Loading of unsigned module is rejected" appears when running the following command.

sudo insmod acer-wmi-battery.ko enable_health_mode=1

I guess that the problem is resoning the secure boot. The command has no problem after disabling the secure boot. However, disabling the secure boot is not a long term policy. I'm attempting to resolve this issue. Please give me some tips. Thank you.

mochechan commented 5 months ago

Finally, I solved this issue. Please refer to how to sign the kernel module.

The following script helps to load a kernel module without disabling the secure boot.

#!/bin/bash

echo acer travelmate vero with ubuntu 22.04

echo show current secure boot status
mokutil --sb-state

sudo update
sudo apt -yqq install dwarves gcc-12
sudo cp -av /sys/kernel/btf/vmlinux /usr/lib/modules/`uname -r`/build/
sudo apt -yqq install build-essential linux-headers-$(uname -r) git
mkdir -pv ~/repos && cd "$_"
git clone https://github.com/frederik-h/acer-wmi-battery.git
cd acer-wmi-battery
make -j`nproc`

echo sudo insmod acer-wmi-battery.ko enable_health_mode=1 
echo currently shows ERROR: could not insert module : Key was rejected by service
echo two methods to resolve this problem: disabling secure boot, or signing the module
echo If you want to load a kernel module without disabling secure boot, please run the following:
echo refer to https://ursache.io/posts/signed-kernel-module-debian-2023/
mkdir -pv ~/repos/mok && cd "$_"
tee ~/repos/mok/openssl.cnf <<EOF
HOME                    = .
RANDFILE                = $ENV::HOME/.rnd
[ req ]
distinguished_name      = req_distinguished_name
x509_extensions         = v3
string_mask             = utf8only
prompt                  = no

[ req_distinguished_name ]
countryName             = TW
stateOrProvinceName     = Taiwan
localityName            = Taiwan
0.organizationName      = Taiwan
commonName              = Customized Key
emailAddress            = chryslerwrangler@gmail.com

[ v3 ]
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always,issuer
basicConstraints        = critical,CA:FALSE
extendedKeyUsage        = codeSigning
nsComment               = "OpenSSL Generated Certificate"
EOF

echo openssl req -config ~/repos/mok/openssl.cnf  -new -x509 -newkey rsa:2048  -nodes -days 36500 -outform DER  -keyout "MOK.priv"   -out "MOK.der"

echo sudo mokutil --import MOK.der #just only one time
echo sudo reboot
echo "select Enroll MOK / Continue / Yes / [Password] / Reboot " 

sudo mokutil -l | grep Subject

ls -l ~/repos/acer-wmi-battery/*.ko
/usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ~/repos/mok/MOK.priv ~/repos/mok/MOK.der ~/repos/acer-wmi-battery/acer-wmi-battery.ko
ls -l ~/repos/acer-wmi-battery/*.ko

modinfo ~/repos/acer-wmi-battery/acer-wmi-battery.ko 
sudo insmod ~/repos/acer-wmi-battery/acer-wmi-battery.ko enable_health_mode=1 
lsmod | grep -i acer
sudo dmesg | grep -i acer