Custom 6.2.1 kernel
Jerry Geis
jerry.geis at gmail.com
Tue Mar 14 20:14:43 UTC 2023
I have a "remote" computer running ubuntu 20.40
I want to put 6.2.1 kernel on it - and the system run secure boot.
I do not have anyone at the location to put a monitor and keyboard on it -
to enroll the MOK certificate. I have root access - is there any way to do
that before rebooting ?
I need to fully install the secure kernel before rebooting so it just comes
back up ?
How is that done?
I did all this:
cp mokconfig.cnf /tmp
cd /tmp
echo openssl-1
openssl req -config mokconfig.cnf \
-new -x509 -newkey rsa:2048 \
-nodes -days 36500 -outform DER \
-keyout "MOK.priv" \
-out "MOK.der"
echo openssl-2
openssl x509 -in MOK.der -inform DER -outform PEM -out MOK.pem
cp MOK.pem /boot
echo mokutil-import
mokutil --import MOK.der
echo mokutil-list
mokutil --list-enrolled
echo sbsign
sbsign --key MOK.priv --cert MOK.pem /boot/vmlinuz-6.2.1 --output
/boot/vmlinuz-6.2.1.signed
mv /boot/vmlinuz-6.2.1.signed /boot/vmlinuz-6.2.1
update-grub
But I get prompted for the password and prompted to enroll the MOV on
reboot.
Thanks,
Jerry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20230314/aef5d139/attachment.html>
More information about the ubuntu-users
mailing list