Hello, On Tue, Mar 07, 2023 at 05:26:20PM -0000, Joe Salmeri wrote:
Hi Larry,
I was hoping that you would chime in.
The MOK BlueScreen comes up during the reboot just as you describe and I proceed to enroll the key and no errors are reported.
After reboot and enrolling the key
mokutil --list-enrolled shows the key (whereas before the reboot mokutil --list-new showed that the key was new but not enrolled yet)
I have also done the mokutil --delete to remove the key, rebooting and removing via the MokManager blue screen and then repeating the process of
compile vmmon and vmnet generate key sign vmmon and vmnet with the kernel mokutil --import *.der file reboot enroll boot mokutil --list-enrolled shows the key
BUT....
kernel still complains that the modules are unsigned, despite, modinfo showing that they are.
In an earlier message, I listed the exact steps I did, could you please look at that and tell me what step I am missing?
Shouldn't this be set: config/x86_64/default:# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set The MOK keys get added to th secondary keyring, not primary. Thanks Michal