To add a certificate to the uefi store, use the mokutil command. $> mokutil –import <.der file>
Category: UEFI Stuff
Stuff for uefi
UEFI: Signing a compiled driver with default certs.
This procedure needs the following packages: mokutil Signing a driver. gt; sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 /var/lib/shim-signed/mok/MOK.priv /var/lib/shim-signed/mok/MOK.der /lib/modules/$(uname -r)/kernel/drivers/<location of the driver> OR gt; sudo kmodsign sha512 /var/lib/shim-signed/mok/MOK.priv /var/lib/shim-signed/mok/MOK.der <kernel-module/driver name> Example: gt; sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 /var/lib/shim-signed/mok/MOK.priv /var/lib/shim-signed/mok/MOK.der /lib/modules/$(uname -r)/kernel/drivers/net/wireless/88x2bu.ko OR gt; sudo kmodsign sha512 /var/lib/shim-signed/mok/MOK.priv /var/lib/shim-signed/mok/MOK.der 88x2bu.ko kernel update After a kernel update, rebuild […]
UEFI: Creating certs and signing a driver
This procedure needs the following packages: mokutil For the first time signing a driver. If you don’t have any MOK.der and MOK.priv files on your system. Create a signing DER certificate. Sign the driver with the newly created certificates. Let UEFI use your newly created certs. Creating a signing request, only if none is available on […]