Thread: 6 messages, 4 authors, 2015-06-04

signing kernel modules on RHEL 7

From: Li Wei <hidden>
Date: 2015-06-04 09:15:47


On 05/28/2015 05:08 PM, Chakradhar thota wrote:
> Thank you Li Wei.
> Is MOK supported in Legacy BIOS? I have tried to import but after

No, MOK is some kind of UEFI thing.

MOK is the only way to insert your own public key without recompiling the kernel.

Thanks.

> reboot couldn't find the key registered
> All articles of Signing kernel modules mention about UEFI environment
> for registering MOK.
> Can we register MOK with Legacy BIOS?
>
> On Thu, May 28, 2015 at 1:14 PM, Li Wei [off-list ref] wrote:
>> Hi,
>>
>> On 05/20/2015 08:41 PM, Chakradhar thota wrote:
>>> Hello Everyone,
>>>
>>> I have compiled kernel module on RHEL7 but when I insert the module, I
>>> got the following warning
>>>
>>> "module verification failed: signature and/or required key missing -
>>> tainting kernel".
>>>
>>> I tried signing the module on custom kernel and found it working.
>>> How can we sign the module for a target system with standard RHEL distribution?
>>> Where can we find keys for signing the module on standard kernel?
>> You will never get the signing key from RH, it's RH's private key.
>> You should import your own key into the MOK (Machine Owner Key) list and use
>> your own private key to sign the module.
>>
>> RH has a document on this:
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html
>>> Regards,
>>> Chakradhar

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies at kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
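
The warning quoted in this thread ("signature and/or required key missing") covers two separate conditions: the module has no appended signature at all, or it has one but the signing key is not trusted by the kernel. The following added example (not part of the thread and not any poster's code) checks the first condition offline by parsing the signature trailer that the kernel expects at the end of a `.ko` file. It assumes the older appended layout (payload, signer name, key id, signature, 12-byte `struct module_signature`, magic string); the function names and the sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"~Module signature appended~\n"   # marker the kernel looks for at end of file
TRAILER = struct.Struct(">BBBBB3xI")       # struct module_signature: 12 bytes, big-endian sig_len
ID_TYPES = {0: "PGP", 1: "X.509", 2: "PKCS#7"}
HASHES = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512", 7: "sha224"}


def module_signature_info(blob):
    """Describe the signature appended to a .ko image; None means unsigned."""
    if not blob.endswith(MAGIC):
        return None
    body = blob[:-len(MAGIC)]
    if len(body) < TRAILER.size:
        raise ValueError("magic found but trailer is truncated")
    _algo, hash_id, id_type, signer_len, key_id_len, sig_len = TRAILER.unpack(
        body[-TRAILER.size:])
    # Walk backwards: signature, key id and signer name sit before the trailer.
    payload_len = len(body) - TRAILER.size - sig_len - key_id_len - signer_len
    if sig_len == 0 or payload_len <= 0:
        raise ValueError("trailer lengths do not fit the file")
    signer = body[payload_len:payload_len + signer_len]
    key_id = body[payload_len + signer_len:payload_len + signer_len + key_id_len]
    return {
        "id_type": ID_TYPES.get(id_type, "unknown(%d)" % id_type),
        # PKCS#7 signatures (newer kernels) carry the hash inside the blob.
        "hash": "inside PKCS#7" if id_type == 2 else HASHES.get(hash_id, "unknown(%d)" % hash_id),
        "signer": signer.decode("utf-8", "replace"),
        "key_id": key_id.hex(),
        "sig_len": sig_len,
        "payload_len": payload_len,
    }


def constructed_sample():
    """Constructed bytes in the layout above; the signature is filler, not valid."""
    payload = b"\x7fELF" + b"\x00" * 60
    signer = b"Example module signing key"
    key_id = bytes(range(20))
    sig = b"\x00" * 258
    trailer = TRAILER.pack(1, 4, 1, len(signer), len(key_id), len(sig))
    return payload + signer + key_id + sig + trailer + MAGIC


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    print(module_signature_info(data) or "unsigned: no appended signature")
```

A non-`None` result only shows that a signature is attached and who claims to have made it; whether the kernel accepts it still depends on the matching public key being in a keyring the kernel trusts, which is what MOK enrollment provides.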