VectorKappa/universal-pidff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update information about key path

Browse Source
This commit is contained in:
Oleg
2024-07-19 11:55:35 +03:00
parent 38c629829f
commit bfbdb9620e
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docs/SIGNING.md
View File

@@ -11,12 +11,23 @@ For SecureBoot enabled system you have a choice:
### Using DKMS MOK key ### Using DKMS MOK key
MOK private key and certificates are generated the first time DKMS is run. You just need to import it to your system. MOK private key and certificates are generated the first time DKMS is run. You just need to import it to your system.
The location as well can be changed by setting the appropriate variables in /etc/dkms/framework.conf. For example, to allow usage of the system default Ubuntu update-secureboot-policy set the configuration file as follows:
``` ```
# Check if keys are present in default path mok_signing_key="/var/lib/shim-signed/mok/MOK.priv"
mok_certificate="/var/lib/shim-signed/mok/MOK.der"
```
```
# Find where keys are on your distro
ls -al /var/lib/dkms/mok* ls -al /var/lib/dkms/mok*
# OR (on Ubuntu)
ls -al /var/lib/shim-signed/mok/MOK*
# Enroll keys into system # Enroll keys into system
sudo mokutil --import /var/lib/dkms/mok.pub sudo mokutil --import /var/lib/dkms/mok.pub
# OR (on Ubuntu)
sudo mokutil --import /var/lib/shim-signed/mok/MOK.der
``` ```
You need to reboot your PC after that, you will be greeted with blue screen dialog. You need to reboot your PC after that, you will be greeted with blue screen dialog.
Choose "Enroll MOK", then "Continue" and "Yes". After that choose "Reboot system". Choose "Enroll MOK", then "Continue" and "Yes". After that choose "Reboot system".