akmods secure boot feature
Akmods provides an enroll process to sign third party modules with your own keypair.
You need enable kmodtool copr first (because feature not upstream for now)
dnf copr enable shannara/kmodtool-secureboot
At the first run of the akmods.service, certificate and keypair will be
created with default value using the
You may also wish to manually create your own certificate and keypair
- We suggest to tweak /etc/akmods/cacert.config with your own information for the certificate.
- __signmodules has to be set to "1" (default value) in /etc/akmods/sign-keypair.inc.
Now you need to enroll the public key in MOK, this process is described below.
- Ask MOK to enroll new keypair with certificate with the command
mokutil --import /etc/pki/akmods/keys/public_key.der.
- mokutil asks to generate a password to enroll the public key.
- Rebooting the system is needed for MOK to enroll the new public key.
- On next boot MOK Management is launched and you have to choose "Enroll MOK".
- Choose "Continue" to enroll the key or "View key 0" to show the keys already enrolled.
- Confirm enrollment by selecting "Yes".
- You will be invited to enter the password generated above. WARNING: keyboard is mapped to QWERTY!
- The new key is enrolled, and system ask you to reboot.
You can confirm the enrollment of the new keypair once the system
mokutil --list-enrolled | grep Issuer
mokutil --test-key /etc/pki/akmods/keys/public_key.der
The following unofficial repositories are provided as-is by owner of this project. Contact the owner directly for bugs or issues (IE: not bugzilla).
|EPEL 6||x86_64 (0)*||EPEL 6 (103 downloads)|
|EPEL 7||x86_64 (0)*||EPEL 7 (102 downloads)|
* Total number of packages downloaded in the last seven days.