On 3/7/23 11:26, Joe Salmeri wrote:
Hi Larry,
I was hoping that you would chime in.
The MOK BlueScreen comes up during the reboot just as you describe and I proceed to enroll the key and no errors are reported.
After reboot and enrolling the key
mokutil --list-enrolled shows the key (whereas before the reboot mokutil --list-new showed that the key was new but not enrolled yet)
I have also done the mokutil --delete to remove the key, rebooting and removing via the MokManager blue screen and then repeating the process of
compile vmmon and vmnet generate key sign vmmon and vmnet with the kernel mokutil --import *.der file reboot enroll boot mokutil --list-enrolled shows the key
BUT....
kernel still complains that the modules are unsigned, despite, modinfo showing that they are.
In an earlier message, I listed the exact steps I did, could you please look at that and tell me what step I am missing?
Joe, In one of the Makefiles for a repo, the following code worked for other users: openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out \ MOK.der -nodes -days 36500 -subj "/CN=Custom MOK/ mokutil --import MOK.der $(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der 8723du.ko As far as I can tell, that is the equivalent to your code. It failed here. I tried changing the length from 2048 to 4096, but that did not help. At this point, I have no idea what it wants! Larry