Development discussion of WireGuard
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: john huttley <john@mib-infotech.co.nz>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: mint (ubuntu) kernel Signing
Date: Sat, 11 Feb 2017 10:14:37 +0100
Message-ID: <CAHmME9qXG4tGfkm5+WKhuPx+gFiO+GEZM_fAbrG+gHsqGm87XQ@mail.gmail.com>
In-Reply-To: <505f3f87-16a9-3020-ad9f-10d1c71749e3@mib-infotech.co.nz>

Hey John,

Indeed if you have a secure-boot enabled kernel, you need to sign your
kernel modules before they can be inserted. One option is just to
disable secureboot and then restart:

sudo apt install mokutil
sudo mokutil --disable-validation

But if you'd like to retain the security of secureboot, then you can
add your own signing key to UEFI and sign the kernel module with it.
You can follow basically the same process as described in this
article: http://www.pellegrino.link/2015/11/29/signing-nvidia-proprietary-driver-on-fedora.html
Except you sign wireguard.ko in the end.

Let me know if you have trouble or require more explanation. If this
becomes a real sore point, I'll write some WireGuard-specific
documentation or even write some automated scripts. But I'd be
interested in your feedback first on the above.

Thanks,
Jason
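
The signing route described in the message above, as an added example that is not part of the original e-mail and not WireGuard project code. The file names MOK.priv and MOK.der, the certificate CN, and the key/enroll/sign subcommands are assumptions made for this sketch; it also assumes kernel headers are installed so that scripts/sign-file exists under /lib/modules/$(uname -r)/build.

```shell
#!/bin/sh
# Added example: sign wireguard.ko with a self-generated Machine Owner Key.
# MOK.priv, MOK.der and the CN below are assumed names, not from the thread.
MOK_KEY=${MOK_KEY:-MOK.priv}
MOK_CERT=${MOK_CERT:-MOK.der}

# A signed module ends with a fixed 28-byte marker (27 characters plus a
# newline). Compare the file's last 28 bytes byte-for-byte with that marker.
is_signed() {
    tail -c 28 "$1" 2>/dev/null | cmp -s - /dev/fd/3 3<<'EOF'
~Module signature appended~
EOF
}

# Step 1: create the key pair. The private key is written unencrypted
# (-nodes), so it is created with owner-only permissions.
make_key() (
    umask 077
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 36500 \
        -subj "/CN=Local WireGuard module signing/" \
        -keyout "$MOK_KEY" -outform DER -out "$MOK_CERT"
)

# Step 2: queue the certificate for enrollment. mokutil asks for a one-time
# password, which MokManager asks for again on the next reboot.
enroll_key() { mokutil --import "$MOK_CERT"; }

# Step 3 (after that reboot): sign the installed module unless it already
# carries a signature, then print the signer recorded in it.
sign_wireguard() {
    ko=$(modinfo -n wireguard) || return 1
    if is_signed "$ko"; then echo "$ko is already signed"; return 0; fi
    "/lib/modules/$(uname -r)/build/scripts/sign-file" sha256 \
        "$MOK_KEY" "$MOK_CERT" "$ko" || return 1
    is_signed "$ko" && modinfo -F signer "$ko"
}

case "${1:-}" in
    key)    make_key ;;
    enroll) enroll_key ;;
    sign)   sign_wireguard ;;
esac
```

Run the enroll and sign steps as root. A module rebuilt for a new kernel or a WireGuard update is unsigned again, so the sign step has to be repeated.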
