Because patching /usr/sbin/dkms after every update quickly gets old, i
found another workaround by putting this into /etc/dkms/framework.conf:
====
do_signing=1
check_the_mok_key() {
case "${KBUILD_SIGN_PIN-}" in
[Nn][oO])
return 0;;
esac
KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN-}" \
openssl rsa -in "$mok_signing_key" \
-passin env:KBUILD_SIGN_PIN -check -noout || return
}
ask_for_mok_password() {
until check_the_mok_key; do
stty -echo
printf "\nEnter passphrase for %s (type 'no' to cancel):" \
"$mok_signing_key"
IFS='' read -r KBUILD_SIGN_PIN || KBUILD_SIGN_PIN=no
stty echo
done
}
kmodsign() {
ask_for_mok_password < /dev/tty > /dev/tty 2>&1
KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN-}" "$sign_file" "$@"
}
====
Hopefully this will be resolved in the future and this workaround will
no longer be necessary.
