Hi everybody, I am trying to get an image of debian live with zfs, signing it with my own MOK keys. I cannot get it to work, maybe somebody can give me a hand? This is what I am doing right now:
rm -rf /build mkdir /build cd /build # Configure live-build lb config \ --binary-image iso-hybrid \ --distribution trixie \ --architectures amd64 \ --backports true \ --archive-areas main,contrib \ --bootloaders grub-efi \ --uefi-secure-boot enable \ --bootappend-live "boot=live persistence timezone=Europe/Amsterdam" # Add packages to be installed inside the live ISO filesystem. mkdir -p config/package-lists cat <<'EOF' > config/package-lists/custom.list.chroot mokutil sbsigntool shim-signed debootstrap linux-headers-amd64 zfs-dkms/trixie-backports zfsutils-linux/trixie-backports EOF # create the folder and files to get DKMS signed packages mkdir -p /build/config/includes.chroot/etc/dkms/framework.conf.d cat <<'EOF' >/build/config/includes.chroot/etc/dkms/framework.conf.d/ signing.conf mok_signing_key="/root/secureboot/MOK/mok.priv" mok_certificate="/root/secureboot/MOK/mok.der" EOF lb build What I observe is that default DKMS keys are created and used to sign the zfs modules, instead of mine. What am I doing wrong? -- Felix Rubio
