lost wifi, ethernet, docking station with 16.04 kernel signing.

Petter Adsen petter at synth.no
Tue Apr 26 08:07:54 UTC 2016


On Mon, 25 Apr 2016 22:13:50 -0400
Peter Silva <peter at bsqt.homeip.net> wrote:

> On Mon, Apr 25, 2016 at 8:25 PM, Tom H <tomh0665 at gmail.com> wrote:
> 
> > On Tue, Apr 26, 2016 at 2:15 AM, Tom H <tomh0665 at gmail.com> wrote:  
> > > On Tue, Apr 26, 2016 at 1:26 AM, Peter Silva <peter at bsqt.homeip.net> wrote:
> > >>
> > >> I boot 4.4.0-18 and all the modules insert just fine.
> > >> 4.4.0-19 and later I get the error message.  
> > >
> > > Please bottom-post.
> > >
> > > My apologies. I always assumed that setting the MODULE_SIG* would
> > > force the kernel to check for signed modules in general as well
> > > as for signed modules in the SB case but I had some doubts.
> > >
> > > Given your problem, I had the rather silly idea of grepping
> > > through the 4.4.0-21 kernel config for "EFI" and I found
> > > "EFI_SECURE_BOOT_SIG_ENFORCE".
> > >
> > > I couldn't find it in my upstream 4.6-rc5 kconfig but I did find
> > > it in an Ubuntu patch, "linux_4.4.0-21.37.diff", and it means
> > > "Force module signing when UEFI Secure Boot is enabled".
> > >
> > > Check -18 and -19 for this. It's probably off or non-existent in
> > > -18.
> > >
> > > So Ubuntu's killed dkms-dependent packages (or otherwise
> > > locally-compiled modules) with SB active - unless you compile and
> > > sign your own stuff.  
> >
> > I've found the "EFI_SECURE_BOOT_SIG_ENFORCE" bug:
> >
> > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1566221
> >
> > You can use dkms modules after running "sudo mokutil
> > --disable-validation" so it might/should work for your
> > locally-compiled modules.
> >  
> 
> This made no difference. I did mokutil --disable-validation, it
> prompted for a password twice... did not know if it was setting one
> or asking for a known one then returned (usually means success in
> Linux.)
> 
> Tried rebooting... same behaviour.
> 
> Went into BIOS. Disabled secure boot for now...
> now can boot and run modules on 4.4.0-22.
> 
> A lot of people need external modules.
> Any easy recipes to sign modules for non kdevs somewhere?

If you look at the link I posted earlier it contains instructions for
creating a key, registering it and signing binaries with it.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."

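Added example, not part of the original message or thread: a script for the check suggested in the quoted text, comparing kernel configs for the module-signing options. The function names and the sample config fragments are constructed for illustration and do not reproduce real Ubuntu config files; on an installed system, point `audit_kernel_configs` at `/boot`.

```bash
#!/usr/bin/env bash
# Added example: report module-signing options per kernel config file.
# EFI_SECURE_BOOT_SIG_ENFORCE is the Ubuntu-patch option named in the thread;
# MODULE_SIG and MODULE_SIG_FORCE are mainline kernel options.

# Print "y", "n" (explicitly "is not set") or "absent" for one option.
kconfig_value() {  # usage: kconfig_value <config-file> <OPTION-without-CONFIG_>
    local file="$1" opt="$2"
    if grep -q "^CONFIG_${opt}=y\$" "$file"; then
        echo y
    elif grep -q "^# CONFIG_${opt} is not set\$" "$file"; then
        echo n
    else
        echo absent
    fi
}

# Print one summary line per config-<version> file found in a directory.
audit_kernel_configs() {  # usage: audit_kernel_configs <dir>
    local dir="$1" cfg
    for cfg in "$dir"/config-*; do
        [ -e "$cfg" ] || continue   # glob matched nothing
        printf '%s sig=%s force=%s sb_enforce=%s\n' \
            "${cfg##*/config-}" \
            "$(kconfig_value "$cfg" MODULE_SIG)" \
            "$(kconfig_value "$cfg" MODULE_SIG_FORCE)" \
            "$(kconfig_value "$cfg" EFI_SECURE_BOOT_SIG_ENFORCE)"
    done
}

# Kernel versions that refuse unsigned (e.g. DKMS) modules with Secure Boot on.
kernels_rejecting_unsigned() {  # usage: kernels_rejecting_unsigned <dir>
    audit_kernel_configs "$1" |
        awk '$3 == "force=y" || $4 == "sb_enforce=y" { print $1 }'
}

# Demo on constructed config fragments (hypothetical contents).
demo=$(mktemp -d)
printf 'CONFIG_MODULE_SIG=y\n# CONFIG_MODULE_SIG_FORCE is not set\n' \
    > "$demo/config-4.4.0-18-generic"
printf 'CONFIG_MODULE_SIG=y\n# CONFIG_MODULE_SIG_FORCE is not set\nCONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y\n' \
    > "$demo/config-4.4.0-21-generic"
audit_kernel_configs "$demo"
```

The firmware side of the question is reported by `mokutil --sb-state`.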


