dkms generate_mok
ls /var/lib/shim-signed/mok/
MOK.der MOK.pem MOK.priv
openssl x509 -inform der -in "/var/lib/shim-signed/mok/MOK.der" -out "/var/lib/shim-signed/mok/MOK.pem"
mokutil --import "/var/lib/shim-signed/mok/MOK.der"
mkdir -p "/root/.mok"
cp -prf "/var/lib/shim-signed/mok/MOK.der" "/root/.mok/MOK.der"
cp -prf "/var/lib/shim-signed/mok/MOK.pem" "/root/.mok/MOK.pem"
cp -prf "/var/lib/shim-signed/mok/mok/MOK.priv" "/root/.mok/MOK.priv"
mkdir -p /etc/dkms
cp -prf "myconfig/etc/debian/dkms/sign_helper.sh" "/etc/dkms/sign_helper.sh"
cp -prf "myconfig/etc/debian/dkms/framework.conf" "/etc/dkms/framework.conf"
cat myconfig/etc/debian/dkms/sign_helper.sh
/lib/modules/"$1"/build/scripts/sign-file sha512 /root/.mok/MOK.priv /root/.mok/MOK.der "$2"
cat myconfig/etc/debian/dkms/framework.conf
mok_signing_key="/var/lib/shim-signed/mok/MOK.priv"
mok_certificate="/var/lib/shim-signed/mok/MOK.der"
sign_tool="/etc/dkms/sign_helper.sh"
local VERSION="$(uname -r)"
local SHORT_VERSION="$(uname -r | cut -d . -f 1-2)"
local MODULES_DIR=/lib/modules/$VERSION
local KBUILD_DIR=/usr/lib/linux-kbuild-$SHORT_VERSION
sbsign --key "${DIR_DST}/mok/MOK.priv" --cert "${DIR_DST}/mok/MOK.pem" "/boot/vmlinuz-$VERSION" --output "/boot/vmlinuz-$VERSION.mok"
update-initramfs -k all -u
update-grub
sudo mokutil --sb-state
SecureBoot enabled
sudo mokutil --list-enrolled
показывает ключи
sudo mokutil --test-key /var/lib/shim-signed/mok/MOK.der
/var/lib/shim-signed/mok/MOK.der is already enrolled
Далее я перезагружаюсь, захожу enroll key, выбираю key0, ввожу пароль, предлагает перезагрузиться. Перезагружаюсь и загружаю ядро .mok и получаю: http://0x0.st/KyJ0.jpg
