Model signing documentation #2

@ArneTR

Although mentioned in the "Troubleshooting", I would vote for making the documentation about this present in the main Readme.

Many modern systems have secure boot active and this is not a corner case.

I went for the route of signing the extension. Here is how I did it, documented, which can be moved to the main Readme:

arne@framebook:~/Sites/procpower/src$ sudo make install
[sudo] password for arne:
echo 1 | sudo tee /proc/sys/kernel/sched_schedstats
1
sudo insmod energy_proc.ko
insmod: ERROR: could not insert module energy_proc.ko: Key was rejected by service
make: *** [Makefile:13: install] Error 1

To sign the module, first a key needs to be created:

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.key -out MOK.pem -days 365 -nodes -subj "/CN=My Module Key/"

Then signing the module:

sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 MOK.key MOK.pem energy_proc.ko

The key needs to be enrolled with the OS, but Ubuntu needs a different format:

openssl x509 -outform DER -in MOK.pem -out MOK.der

Then the module can be imported, which:

sudo mokutil --import MOK.der

Now the system can be rebooted and a screen like this should appear:

Image

The process is straightforward and afterwards make install can be called again.
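
An added example, not part of the original issue or the project's code: a POSIX shell pre-flight check to run after the signing steps above and before `insmod`. It assumes the file names used in the issue (MOK.key, MOK.der, energy_proc.ko); the function names are hypothetical. The marker check only shows that a signature was appended to the file; whether it is valid and trusted is decided by the kernel at load time.

```shell
#!/bin/sh
# Added example: checks around the signing steps from the issue.
# File names MOK.key / MOK.der / energy_proc.ko follow the issue text.

# The kernel's sign-file tool appends the signature followed by this marker
# plus a newline (28 bytes in total) to the end of the .ko file.
MODSIG_MARKER='~Module signature appended~'

# Returns 0 if the module file ends with the appended-signature marker,
# 1 if it does not, 2 if the file does not exist.
has_appended_signature() {
    [ -f "$1" ] || return 2
    trailer=$(tail -c 28 "$1" | tr -d '\000')   # $(...) strips the newline
    [ "$trailer" = "$MODSIG_MARKER" ]
}

# Returns 0 if the key file has no group/other permission bits set. The key
# in the issue is created with -nodes (unencrypted), so the file mode is the
# only thing protecting it on disk.
key_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage: preflight MOK.key MOK.der energy_proc.ko
preflight() {
    rc=0
    key_is_private "$1" || { echo "WARN: $1 is group/world accessible; chmod 600 it"; rc=1; }
    has_appended_signature "$3" || { echo "FAIL: $3 carries no appended signature"; rc=1; }
    if command -v mokutil >/dev/null 2>&1; then
        mokutil --sb-state          # is Secure Boot enabled?
        mokutil --test-key "$2"     # is the certificate enrolled yet?
    fi
    if command -v modinfo >/dev/null 2>&1; then
        echo "signer: $(modinfo -F signer "$3")"
    fi
    return "$rc"
}

# Only run the checks when called with the three file arguments.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Until the reboot and MOK enrollment screen have been completed, `mokutil --test-key` reports the certificate as not enrolled and `insmod` keeps failing with "Key was rejected by service".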
