Install process to sign tuxedo_keyboard module on uefi systems

[djahma]

I thought I'd put additional install instructions in an issue because I had trouble getting this driver to work on my system with UEFI on. I'm very poor at security/certificates and don't understand what I did below, but it worked!

After the dkms part, one must sign the module(s) for modprobe to work. Otherwise you end up with a message like "Key not accepted" or something.

To sign, you must first create a certificate to sign with : https://ubuntu.com/blog/how-to-sign-things-for-secure-boot You can copy the cnf file in shim/mok into your working folder ("modsigning" in my case) cp /usr/lib/shim/mok/openssl.cnf ./modsigning/openssl_tuxedo-keyboard.cnf You can set the prompt field to 'yes' and then run openssl req -config ./modsigning/openssl_tuxedo-keyboard.cnf -new -x509 -newkey rsa:2048 -nodes -days 36500 -outform DER -keyout "MOK.priv" -out "MOK.der" to generate the private and public keys. The prompt will ask you for the info to put in the files: your country, organisation, email etc.

With these keys/certificate you must then import the DER file into some part of the system to be able to use it to sign at a later stage. Move into the directory where you created it, cd ./modsigning in my case, and then: sudo mokutil --import MOK.der followed by sudo reboot. The mokutil command will ask you to create a password to repeat after the reboot....make it extra simple, especially since your keyboard will be in US layout after reboot ;) to my fellow non-US brains!

Upon reboot follow the steps on the blue screen: _press any key to continu, _select the (only) key to import from the list, _Enter that password we just talked about...

Now you are ready to sign the module(s). Locate your '.ko' files: sudo find / -iname tuxedo*ko I found mine in /usr/lib/modules/5.19.0-46-generic/updates/dkms/ ; there are 5 to sign in there: _clevo_acpi.ko clevo_wmi.ko tuxedo_io.ko tuxedo_keyboard.ko uniwillwmi.ko You can sign them one by one like so: sudo kmodsign sha512 MOK.priv MOK.der /usr/lib/modules/5.19.0-46-generic/updates/dkms/tuxedo_io.ko

Getting there...now you can load your keyboard driver!: sudo modprobe tuxedo_keyboard If nothing happens, just reboot one last time.

This solution will work specifically for "5.19.0-46-generic" kernel. Any update to your kernel and you'll have to sign again. Next step: to make that process a script...

[tuxedo-bot]

This repository will no longer get any updates as the code here is now part of tuxedo-drivers https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers.

Please open a merge request or issue in the new project on GitLab if you contribution or bug report still applies.