LinuxQuestions.org


ktalinki 12-08-2016 09:17 PM

Kernel Module Signing for secure boot
 
Hi,
Our product has kernel modules, and when secure boot is enabled the kernel is not loading our modules.
So we would like to sign our modules with a private key and install/add the public key on the target machine.
If secure boot is enabled with UEFI Secure Boot, then we can add the public key to MOK, but if it is enabled with the kernel parameter 'module.sig_enforce', I don't see a way to add our public key to the kernel system keyring.

What are the ways to get around this?
Is there a way we can add a public key to the system keyring without building the kernel?
Microsoft signs drivers for product developers. Is there something like that for Linux?

thanks for the help in advance,
--Kumar
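
A check relevant to the signing step described in the post above, as an added example that is not part of the original thread: it reads the trailer that the kernel's sign-file tool appends to a module and reports whether a signature is present and in which format. It does not verify the signature or tell you whether the running kernel trusts the signing key; the sample module bytes and the helper names are constructed for illustration.

```python
import struct
import sys

# Appended-signature layout: [module][signer][key id][signature][trailer][magic].
MAGIC = b"~Module signature appended~\n"
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# 3 pad bytes, then a big-endian 32-bit signature length (12 bytes total).
TRAILER = struct.Struct(">BBBBB3xI")
ID_TYPES = {0: "PGP", 1: "X.509", 2: "PKCS#7"}


def parse_module_signature(blob):
    """Return details of the appended signature, or None if the file is unsigned."""
    if not blob.endswith(MAGIC):
        return None
    end = len(blob) - len(MAGIC)
    if end < TRAILER.size:
        raise ValueError("truncated signature trailer")
    trailer_start = end - TRAILER.size
    _algo, _hash, id_type, signer_len, key_id_len, sig_len = TRAILER.unpack(
        blob[trailer_start:end])
    module_len = trailer_start - sig_len - signer_len - key_id_len
    if module_len < 0:
        raise ValueError("declared signature length exceeds file size")
    sig_start = trailer_start - sig_len
    return {
        "id_type": ID_TYPES.get(id_type, "unknown(%d)" % id_type),
        "sig_len": sig_len,
        "module_len": module_len,
        "signature": blob[sig_start:trailer_start],
    }


def build_sample(module_bytes, sig_bytes):
    """Constructed test input: fake module bytes plus a PKCS#7-style trailer."""
    return module_bytes + sig_bytes + TRAILER.pack(0, 0, 2, 0, 0, len(sig_bytes)) + MAGIC


if __name__ == "__main__":
    # Usage: python3 modsig.py path/to/module.ko
    with open(sys.argv[1], "rb") as fh:
        info = parse_module_signature(fh.read())
    if info is None:
        print("unsigned: no appended signature")
    else:
        print("signed: %s, %d-byte signature" % (info["id_type"], info["sig_len"]))
```
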

Ztcoracat 12-08-2016 10:07 PM

Quote:

Is there a way we can add a public key to the system keyring without building the kernel?
I could be wrong but I (think) that the public key gets built into the kernel so it may not be possible w/o doing a build.

syg00 12-09-2016 02:22 AM

Ask on lkml


All times are GMT -5.