On Tue, 2019-06-04 at 14:53 +0900, Hideki Yamane wrote:
> Hi,
>
> > linux (4.19.37-1) unstable; urgency=medium
> (snip)
> >   * Import patches to enable loading keys from UEFI db and MOK from
> >     http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git to
> >     allow kernel modules built by users (eg: by dkms) to be verified, and
> >     to load dbx and MOKX for the equivalent blacklisting functionality.
>
>  It seems that we can use virtualbox with secure boot enabled, however,
>  I got an error as below
>
> > $ sudo modprobe vboxdrv
> > modprobe: ERROR: could not insert 'vboxdrv': Required key not available
>
>  Did I forget to do something or need an extra step for it?

Yes, you would have to actually sign the module and enrol the signing
key.  Unfortunately I don't believe there's a simple way to do that at
present.

It is also possible to disable shim's signature checking using mokutil
(which then has to be confirmed interactively on the following boot).
These patches make the kernel follow shim's behaviour.  This is useful
if the system firmware makes it difficult to disable Secure Boot.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
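An added example, not part of the original message or of the Debian kernel packaging: a small checker that tells whether a module file such as vboxdrv.ko carries an appended signature at all, by parsing the trailer the kernel looks for. It only inspects the file format; it does not check that the signer's key is enrolled in UEFI db or MOK, so a module reported as signed can still fail to load with the error quoted above. The function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

MAGIC = b"~Module signature appended~\n"      # marker at the very end of a signed .ko
ID_TYPES = {0: "PGP", 1: "X509", 2: "PKCS7"}  # kernel enum pkey_id_type
HDR_LEN = 12                                  # sizeof(struct module_signature)


def module_signature_info(blob: bytes):
    """Return None for an unsigned module, else details of the appended signature."""
    if not blob.endswith(MAGIC):
        return None
    end = len(blob) - len(MAGIC)
    if end < HDR_LEN:
        raise ValueError("truncated module_signature header")
    # struct module_signature: algo, hash, id_type, signer_len, key_id_len,
    # three pad bytes, then sig_len as a big-endian 32-bit integer.
    _algo, _hash, id_type, signer_len, key_id_len, sig_len = struct.unpack(
        ">BBBBB3xI", blob[end - HDR_LEN:end])
    extra = sig_len + signer_len + key_id_len
    if extra > end - HDR_LEN:
        raise ValueError("signature length exceeds file size")
    return {
        "id_type": ID_TYPES.get(id_type, "unknown(%d)" % id_type),
        "sig_len": sig_len,
        "payload_len": end - HDR_LEN - extra,  # bytes of ELF before the signature
    }


def constructed_signed_module(payload=b"\x7fELF-constructed", sig=b"\x30" * 16):
    """Build a constructed byte string laid out like a PKCS#7-signed module."""
    hdr = struct.pack(">BBBBB3xI", 0, 0, 2, 0, 0, len(sig))
    return payload + sig + hdr + MAGIC


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = constructed_signed_module()
    info = module_signature_info(data)
    print("unsigned module" if info is None else "signed: %r" % info)
```

A result of "unsigned module" means the module still has to be signed; a "signed" result means the remaining question is whether the signing key has been enrolled.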