On 04/14/2018 12:01 AM, Steve Tindall wrote:
On 04/13/2018 03:50 PM, Robert Nichols wrote:
I've gone through the steps on the elrepo.org/tiki/wl-kmod page, but cannot load the new wl module. 
Running "mokutil --import /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.ord.der" just gets 
"Failed to enroll new keys".

The elrepo.org/tiki/SecureBootKey page references a subscriber-only Red Hat page for 
help. Any help for someone who cannot read that page? (Yes, I know about "Just turn 
off secure boot." Looking for an actual answer.)

In the case of kmod-wl, you built the binary on your system, so it is not 
signed with the elrepo secure boot key. Only EL7 kmods built on the elrepo 
build systems are signed with the elrepo secure boot key. Installing the elrepo 
secure boot key on your system will not help in your case.


To use kmod-wl with secure boot, you need to generate your own secure boot 
signing key, sign kmod-wl with it and import the public key onto your system as 
described at:

  
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Kernel_Administration_Guide/sect-signing-kernel-modules-for-secure-boot.html

Real PITA, hence why so many people ask "Do you really need secure boot?" :-)

Thank you for that info. PITA indeed! I have this nasty feeling, though, that even if I 
go through all of that to generate a key, my attempt to import it would run into the same 
"Failed to enroll new keys" error that I get when trying to import the elrepo 
key. I'll give it a try, but that will have to wait a while -- possibly until CentOS 7.5 
is released.

--
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.

_______________________________________________
elrepo mailing list
elrepo@lists.elrepo.org
http://lists.elrepo.org/mailman/listinfo/elrepo

Reply via email to