Project ID: 19084


akmods secure boot feature

Installation Instructions

Akmods provides an enroll process to sign third party modules with your own keypair.

You need enable kmodtool copr first (because feature not upstream for now) dnf copr enable shannara/kmodtool-secureboot

At the first run of the akmods.service, certificate and keypair will be created with default value using the /usr/lib/rpm/kmodgenca script.

You may also wish to manually create your own certificate and keypair with /usr/lib/rpm/kmodgenca command. Before executing /usr/lib/rpm/kmodgenca:

  • We suggest to tweak /etc/akmods/cacert.config with your own information for the certificate.
  • __signmodules has to be set to "1" (default value) in /etc/akmods/

Now you need to enroll the public key in MOK, this process is described below.

  • Ask MOK to enroll new keypair with certificate with the command mokutil --import /etc/pki/akmods/keys/public_key.der.
  • mokutil asks to generate a password to enroll the public key.
  • Rebooting the system is needed for MOK to enroll the new public key.
  • On next boot MOK Management is launched and you have to choose "Enroll MOK".
  • Choose "Continue" to enroll the key or "View key 0" to show the keys already enrolled.
  • Confirm enrollment by selecting "Yes".
  • You will be invited to enter the password generated above. WARNING: keyboard is mapped to QWERTY!
  • The new key is enrolled, and system ask you to reboot.

You can confirm the enrollment of the new keypair once the system rebooted with: mokutil --list-enrolled | grep Issuer or with: mokutil --test-key /etc/pki/akmods/keys/public_key.der

Active Releases

The following unofficial repositories are provided as-is by owner of this project. Contact the owner directly for bugs or issues (IE: not bugzilla).

Release Architectures Repo Download
EPEL 6 x86_64 (0)* EPEL 6 (105 downloads)
EPEL 7 x86_64 (0)* EPEL 7 (103 downloads)

* Total number of packages downloaded in the last seven days.