Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.4K Intelligent Advisor
- 75 Insurance
- 537.6K On-Premises Infrastructure
- 138.7K Analytics Software
- 38.6K Application Development Software
- 6.1K Cloud Platform
- 109.6K Database Software
- 17.6K Enterprise Manager
- 8.8K Hardware
- 71.3K Infrastructure Software
- 105.4K Integration
- 41.6K Security Software
Signing module for UKI with OL 8.7 UEK R7
Hi,
I'm trying to sign a zfs module for the OL 8.7 UEK R7 booted in Secure Boot mode. I'm currently using my own certificate as described here: Working With UEFI Secure Boot (oracle.com). My kernel is an UKI made with dracut. And I use DB and not MOK here because of UKI (no shim).
When I try to insert the signed module in Secure Boot Mode, I receive this error:
modprobe: ERROR: could not insert 'zfs': Key was rejected by service
Without the SB Mode, the module is OK.
My key is stored in the UEFI DB, so it is loaded in the .platform keyring. If what is said here is correct : How to load custom kernel module with Secure Boot (OL8.1 UEK6) - Page 2 — oracle-tech, I can't use DB as my signing cert because it is no more in trusted keyring since R6. And I can't find anything to made my signed module loaded without error in SB Mode.
Is there someone that can help me on this?
Thank you.
Marc