On January 27th, this site will be read-only as we migrate to Oracle Forums for an improved community experience. You will not be able to initiate activity until January 30th, when you will be able to use this site as normal.

    Forum Stats

  • 3,889,564 Users
  • 2,269,760 Discussions
  • 7,916,782 Comments

Discussions

Signing module for UKI with OL 8.7 UEK R7

User_V1D86
User_V1D86 Member Posts: 1 Green Ribbon

Hi,

I'm trying to sign a zfs module for the OL 8.7 UEK R7 booted in Secure Boot mode. I'm currently using my own certificate as described here: Working With UEFI Secure Boot (oracle.com). My kernel is an UKI made with dracut. And I use DB and not MOK here because of UKI (no shim).

When I try to insert the signed module in Secure Boot Mode, I receive this error:

modprobe: ERROR: could not insert 'zfs': Key was rejected by service

Without the SB Mode, the module is OK.

My key is stored in the UEFI DB, so it is loaded in the .platform keyring. If what is said here is correct : How to load custom kernel module with Secure Boot (OL8.1 UEK6) - Page 2 — oracle-tech, I can't use DB as my signing cert because it is no more in trusted keyring since R6. And I can't find anything to made my signed module loaded without error in SB Mode.

Is there someone that can help me on this?

Thank you.

Marc