On 04/13/2018 03:50 PM, Robert Nichols wrote:
I've gone through the steps on the elrepo.org/tiki/wl-kmod page, but cannot load the new wl module. Running "mokutil --import /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.ord.der" just gets "Failed to enroll new keys".

The elrepo.org/tiki/SecureBootKey page references a subscriber-only Red Hat page for help. Any help for someone who cannot read that page? (Yes, I know about "Just turn off secure boot." Looking for an actual answer.)

In the case of kmod-wl, you built the binary on your system, so it is not signed with the elrepo secure boot key. Only EL7 kmods built on the elrepo build systems are signed with the elrepo secure boot key. Installing the elrepo secure boot key on your system will not help in your case.


To use kmod-wl with secure boot, you need to generate your own secure boot signing key, sign kmod-wl with it and import the public key onto your system as described at:

 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Kernel_Administration_Guide/sect-signing-kernel-modules-for-secure-boot.html

Real PITA, hence why so many people ask "Do you really need secure boot?" :-)


Red Hat just released RHEL 7.5 on Tuesday and I think they were updating their standard documentation today, hence the inability to reach the link earlier today. The above link is from the 7.4 release or so it seems. The link is available to anyone, not just RHEL subscribers.

Hope that helps.

Steve

_______________________________________________
elrepo mailing list
elrepo@lists.elrepo.org
http://lists.elrepo.org/mailman/listinfo/elrepo

Reply via email to