saurontech / Advantech-VCOM-Linux-Driver

A Linux TTY driver, which is an implementation of the VCOM protocol of the Advantech device server family (EKI-152x, ADAM-457x, and EKI-1511)
GNU General Public License v2.0

study the process of signing a UEFI secure boot kernel module #53

Closed saurontech closed 1 year ago

saurontech commented 1 year ago

SecureBoot Signing KeyGeneration

saurontech commented 1 year ago

https://gist.github.com/lijikun/22be09ec9b178e745758a29c7a147cc9

saurontech commented 1 year ago

https://gist.github.com/sbueringer/bd8cec239c44d66967cf307d808f10c4 https://gist.github.com/lijikun/22be09ec9b178e745758a29c7a147cc9

saurontech commented 1 year ago

```bash
# Generate a self-signed Machine Owner Key (MOK): unencrypted RSA-2048 private
# key plus a DER-encoded X.509 certificate.
openssl req -new -x509 \
    -newkey rsa:2048 -keyout ./advvcom-driver.key \
    -outform DER -out ./advvcom-driver.der -nodes -days 36500 \
    -subj "/CN=ADVVCOM Driver Kmod Signing MOK"
# Queue the certificate for MOK enrollment on the next boot.
sudo mokutil --import ./advvcom-driver.der
```

/usr/local/advtty/sign-advvcom-driver.sh permission:100

```bash
#!/bin/bash
# sign-advvcom-driver.sh

hash_algo=sha256
private_key=/usr/local/advtty/advvcom-driver.key
x509_cert=/usr/local/advtty/advvcom-driver.der

#prefix=/usr/src/kernels/
# For Debian/Ubuntu, use
#prefix=/usr/src/linux-headers-

# DKMS calls the sign tool with the target kernel version as $1 and the
# module file path as $2; fall back to $1 when KERNELVER is not set.
"/lib/modules/${KERNELVER:-${1}}/build/scripts/sign-file" \
    "${hash_algo}" "${private_key}" "${x509_cert}" "${2}" \
    && echo "Signed newly-built module ${2} with MOK successfully." >&2 \
    && exit 0
echo "Error signing file ${2}." >&2
exit 1
```

/etc/dkms/advvom.conf permission 644

```
SIGN_TOOL=/usr/local/advtty/sign-advvcom-driver.sh
```

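
A post-signing check to go with the sign script in the comment above, as an added example that is not part of the original thread or the project's code: it inspects the trailer that the kernel's `scripts/sign-file` appends to a `.ko`. The helper name `module_sig_len` and the script name in the usage comment are hypothetical; the trailer layout follows the kernel's `struct module_signature`.

```bash
#!/bin/bash
# Added example: structural check for the signature trailer that
# scripts/sign-file appends to a kernel module. It does NOT verify the
# signature cryptographically; it only confirms that signing happened.

# Hex of the 28-byte end marker (kernel MODULE_SIG_STRING, includes "\n").
MAGIC_HEX=$(printf '~Module signature appended~\n' | od -An -v -tx1 | tr -d ' \n')

# module_sig_len FILE  (hypothetical helper name)
# Prints the PKCS#7 signature length and returns 0 when FILE ends with
#   [signature data][12-byte struct module_signature][28-byte marker]
# Returns 1 for unsigned, truncated or malformed files.
module_sig_len() {
    local file=$1 size tail_hex sig_len
    [ -f "$file" ] || return 1
    size=$(( $(wc -c < "$file") ))
    [ "$size" -ge 40 ] || return 1
    tail_hex=$(tail -c 28 "$file" | od -An -v -tx1 | tr -d ' \n')
    [ "$tail_hex" = "$MAGIC_HEX" ] || return 1
    # Fields: algo hash id_type signer_len key_id_len pad[3] sig_len(be32)
    set -- $(tail -c 40 "$file" | head -c 12 | od -An -v -tu1)
    [ $# -eq 12 ] || return 1
    [ "$3" -eq 2 ] || return 1            # id_type must be PKEY_ID_PKCS7
    sig_len=$(( ($9 << 24) | (${10} << 16) | (${11} << 8) | ${12} ))
    # The declared signature must be non-empty and fit inside the file.
    [ "$sig_len" -gt 0 ] || return 1
    [ "$sig_len" -le $(( size - 40 )) ] || return 1
    echo "$sig_len"
}

# Usage: ./check-modsig.sh /path/to/module.ko [...]
for ko in "$@"; do
    if len=$(module_sig_len "$ko"); then
        echo "$ko: signed, ${len}-byte PKCS#7 signature"
    else
        echo "$ko: no valid signature trailer" >&2
    fi
done
```

Run it on the uncompressed `.ko`; a `.ko.xz` or `.ko.zst` file has to be decompressed first because the trailer sits inside the compressed stream. `modinfo` on the same module reports the signer name and key id.
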
saurontech commented 1 year ago

modinfo vboxdrv https://wiki.debian.org/SecureBoot

saurontech commented 1 year ago

https://medium.com/@vvvrrooomm/practical-secure-boot-for-linux-d91021ae6471 DKMS sign_tool

saurontech commented 1 year ago

https://manpages.ubuntu.com/manpages/focal/en/man8/dkms.8.html dkms.conf SIGN_TOOL

saurontech commented 1 year ago

sign_tool="/etc/dkms/sign_helper.sh" 5.19 kernel https://github.com/linux-surface/linux-surface/issues/906

saurontech commented 1 year ago

bad3e6df8587e35be690f3a5a15aa255d91b4427