Closed saurontech closed 1 year ago
openssl req -new -x509 -newkey rsa:2048 -keyout ./advvcom-driver.key -outform DER -out ./advvcom-driver.der -nodes -days 36500 -subj "/CN=ADVVCOM Driver Kmod Signing MOK"
sudo mokutil --import ./advvcom-driver.der
/usr/local/advtty/sign-advvcom-driver.sh permission:100
#!/bin/bash
# sign-advvcom-driver.sh
hash_algo=sha256
private_key=/usr/local/advtty/advvcom-driver.key
x509_cert=/user/local/advtty/advvcom-driver.der
#prefix=/usr/src/kernels/
# For Debian/Ubuntu, use
#prefix=/usr/src/linux-headers-
"/lib/modules/$KERNELVER/build/scripts/sign-file" \
"${hash_algo}" "${private_key}" "${x509_cert}" "${2}" \
&& echo "Signed newly-built module ${2} with MOK successfully." >&2 \
&& exit 0
echo "Error signing file ${2}." >&2
exit 1
/etc/dkms/advvom.conf permission 644
SIGN_TOOL=/usr/local/advtty/sign-advvcom-driver.sh
modinfo vboxdrv https://wiki.debian.org/SecureBoot
https://manpages.ubuntu.com/manpages/focal/en/man8/dkms.8.html dkms.conf SINGE_TOOL
sign_tool="/etc/dkms/sign_helper.sh" 5.19 kernel https://github.com/linux-surface/linux-surface/issues/906
bad3e6df8587e35be690f3a5a15aa255d91b4427
SecureBoot Signing KeyGeneration