berglh / ubuntu-sb-kernel-signing Goto Github PK
View Code? Open in Web Editor NEWUbuntu Secure Boot Kernel Signing (MOK)
License: MIT License
Ubuntu Secure Boot Kernel Signing (MOK)
License: MIT License
Hello thanks for this project! I have a question regarding one of the package dependencies in the mok-setup.sh
script. The script checks whether fwts
is installed, I was wondering if this dependency is required and if so, what is it used for?
Installing fwts
in Ubuntu 22.04 requires gcc-12 (default gcc-11) and updating /usr/bin/gcc
to use 12, e.g.
sudo apt install gcc-12
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 12
If the package isn't needed, this extra system change is not required.
I've followed your instructions:
cd ubuntu-sb-kernel-signing/
sudo cp sbin/00-signing /etc/kernel/postinst.d
sudo chown root:root /etc/kernel/postinst.d/00-signing
sudo chmod u+rx /etc/kernel/postinst.d/00-signing
sudo reboot
enrolled the key:
mokutil --list-enrolled
cd ubuntu-sb-kernel-signing/
cd sbin/
sudo bash mok-setup.sh
and then installed Liquorix:
sudo apt install --force-reinstall true linux-image-liquorix-amd64 linux-headers-liquorix-amd64
sudo update-initramfs -u -k all
sudo update-grub
sudo reboot
But it doesn't boot with this kernel.
What am I missing?
From u/FloatyFish,
Ref: Reddit Comment
Below is what I get when I try to sign it:
/etc/kernel/postinst.d/00-mainline-signing: line 55: cd: too many arguments
run-parts: /etc/kernel/postinst.d/00-mainline-signing exited with return code 1
So I ran echo $HOME, and there weren't any spaces in the username folder. As for the kernel I'm trying to install, I was attempting to install 5.15.6 on Ubuntu 21.10.
What's even stranger is that I looked at upgrading my kernel (5.13.something) to the latest 5.14 release (5.14.21) to see if maybe it was a version issue, and to my surprise the build went through perfectly. I then attempted to build 5.15.6 and 5.15.0 to see if something had changed, and I still got the error that I posted in my previous post.
#3 Adds a potential fault https://github.com/berglh/ubuntu-sb-kernel-signing/blob/main/sbin/zz-mainline-signing#L41.
I now remember why we actually want to ensure that we always only return one kernel image path such as with grep -m1
. It's possible if you've downloaded different kernels matching the pattern to different folders that this will then throw an error later in the script. Thus, we should only return one result.
If we do get an error with multiple matches, it might be good to error out here with a message to that effect i.e. (multiple matches were found, remove one and try again).
It might be desirable to only sign Liqourix kernels with a dedicated script. If someone is interested in this, please add your comment to register your interest.
I have installed Ubuntu 22.04 with kernels 5.15.0-33 and 5.15.0-30, which are signed by Canonical. However with Secure Boot Enabled, these kernels are not recognized. I get the message vmlinuz is not signed, must load kernel first. I have created a MOK.der but am not sure that signing these kernels will solve the problem since they are already signed. My system is ASROCK AB350 Pro 4 with Debian 11 (KickSecure) and Ubuntu 22.04. KickSecure Debian 11 boots OK with Secure Boot Enabled and Ubuntu used to boot before I added KickSecure Debian.
Hi, I'm Rishi K. Bose and I use your program for my laptop with UEFI. However, the program has a date when it will expire.
Hello ! I would like to know what are the two arguments that need to be passed to the scripts in order to make them work, can you help me?
I find myself going back to this repo every time I update my kernel.
Even though I always update with mainline, the manual approach always works and it's a 3 step procedure.
Thank you!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.