Hello,

On Tue, Mar 07, 2023 at 05:26:20PM -0000, Joe Salmeri wrote:
Hi Larry,
I was hoping that you would chime in.
The MOK BlueScreen comes up during the reboot just as you describe and I proceed to enroll the key and no errors are reported.
After reboot and enrolling the key
mokutil --list-enrolled shows the key (whereas before the reboot mokutil --list-new showed that the key was new but not enrolled yet)
I have also done the mokutil --delete to remove the key, rebooting and removing via the MokManager blue screen and then repeating the process of
compile vmmon and vmnet
generate key
sign vmmon and vmnet with the kernel
mokutil --import *.der file
reboot
enroll
boot
mokutil --list-enrolled shows the key
BUT....
kernel still complains that the modules are unsigned, despite modinfo showing that they are.
Can you look if the key made it into the keyring?

# cat /proc/keys | grep machine
31db47ec I------ 1 perm 1f0b0000 0 0 keyring .machine: empty
^^^^^^^^------vvvvvvvv
# keyctl show 0x31db47ec
Keyring
836454380 ---lswrv 0 0 keyring: .machine

The default is empty because the kernel key does not need to be enrolled, and apparently the CA key is not imported.

Thanks

Michal
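The check requested above, as an added example that is not part of the original message: a small shell helper that reads `/proc/keys`-format text and reports whether `.machine` and the kernel's other trust keyrings are absent, empty, or populated. The function names and every sample line except the `.machine` one quoted in the message are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# keyring_status NAME [FILE]: print "absent", "empty", or the key count.
# /proc/keys fields: 1=id 2=flags 3=usage 4=timeout 5=perm 6=uid 7=gid
#                    8=type 9=description ("<name>:") 10=summary
keyring_status() {
    name=$1
    src=${2:-/proc/keys}
    awk -v want="$name:" '
        $8 == "keyring" && $9 == want { print $10; found = 1; exit }
        END { if (!found) print "absent" }
    ' "$src"
}

# keyring_id NAME [FILE]: print the keyring serial as 0x<hex>, which is
# the form passed to "keyctl show" in the message above.
keyring_id() {
    name=$1
    src=${2:-/proc/keys}
    awk -v want="$name:" '$8 == "keyring" && $9 == want { print "0x" $1; exit }' "$src"
}

# trust_keyring_report [FILE]: one status line per trust keyring.
trust_keyring_report() {
    src=${1:-/proc/keys}
    for k in .builtin_trusted_keys .secondary_trusted_keys .machine .platform; do
        printf '%-26s %s\n' "$k" "$(keyring_status "$k" "$src")"
    done
}

# Sample input: the first line is the one quoted in the message;
# the remaining lines are constructed.
sample_proc_keys() {
    cat <<'EOF'
31db47ec I------ 1 perm 1f0b0000 0 0 keyring .machine: empty
0a1b2c3d I------ 1 perm 1f0b0000 0 0 keyring .builtin_trusted_keys: 2
1c2d3e4f I------ 1 perm 1f0f0000 0 0 keyring .secondary_trusted_keys: 2
2e3f4a5b I------ 1 perm 1f0b0000 0 0 asymmetric Constructed Example CA: X509.rsa 00000000 []
EOF
}

# Offline demo on the sample; on a live system run: trust_keyring_report
tmp=$(mktemp) && sample_proc_keys > "$tmp" && trust_keyring_report "$tmp"
rm -f "$tmp"
```

Reading keyrings that belong to the kernel from `/proc/keys` may require root, as the `#` prompt in the message suggests.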