Am 29.03.2017 um 18:14 schrieb jsegitz@suse.de:
On Wed, Mar 29, 2017 at 01:04:46PM +0200, Malte Gell wrote:
to bring pain to a new level I play with secure boot and want to get a custom kernel run with secure boot. I read the SUSE how to from there:
https://en.opensuse.org/openSUSE:UEFI#Booting_a_custom_kernel
But, I am a bit confused, this guides signs vmlinuz, but not a single module!? Don´t the kernel modules need to be signed as well?
For openSUSE kernels module loading is not restricted (for SLES it is)
Ok. I think this is no problem, there still is MODULE_SIG_FORCE to care for signed modules. And, do I understand correctly, MokManager.efi is signed with the Microsoft KEK and writes my user key into the UEFI db key store? Thus, MokManager.efi is a way to get user keys into UEFI db? thanks -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org