Merge pull request #280 from ArcticXWolf/add_signing_info_for_other_distros
Fixes #261 and adds info on other linux distros
This commit is contained in:
commit
8485551416
11
SIGNING.md
11
SIGNING.md
|
@ -1,7 +1,10 @@
|
||||||
# Signing a custom kernel for Secure Boot
|
# Signing a custom kernel for Secure Boot
|
||||||
|
|
||||||
(Instructions are for ubuntu, but should work similar for other distros, if they are using shim
|
Instructions are for ubuntu, but should work similar for other distros, if they are using shim
|
||||||
and grub as bootloader.)
|
and grub as bootloader. If your distro is not using shim (e.g. Linux Foundation Preloader), there
|
||||||
|
should be similar steps to complete the signing (e.g. HashTool instead of MokUtil for LF Preloader)
|
||||||
|
or you can install shim to use instead. The ubuntu package for shim is called `shim-signed`, but
|
||||||
|
please inform yourself on how to install it correctly, so you do not mess up your bootloader.
|
||||||
|
|
||||||
Since the most recent GRUB2 update (2.02+dfsg1-5ubuntu1) in Ubuntu, GRUB2 does not load unsigned
|
Since the most recent GRUB2 update (2.02+dfsg1-5ubuntu1) in Ubuntu, GRUB2 does not load unsigned
|
||||||
kernels anymore, as long as Secure Boot is enabled. Users of Ubuntu 18.04 will be notified during
|
kernels anymore, as long as Secure Boot is enabled. Users of Ubuntu 18.04 will be notified during
|
||||||
|
@ -13,9 +16,11 @@ Thus you have three options to solve this problem:
|
||||||
2. You use a signed, generic kernel of your distro.
|
2. You use a signed, generic kernel of your distro.
|
||||||
3. You disable Secure Boot.
|
3. You disable Secure Boot.
|
||||||
|
|
||||||
Since option two and three are not really viable, these are the steps to sign the kernel yourself:
|
Since option two and three are not really viable, these are the steps to sign the kernel yourself.
|
||||||
|
|
||||||
Instructions adapted from [the Ubuntu Blog](https://blog.ubuntu.com/2017/08/11/how-to-sign-things-for-secure-boot).
|
Instructions adapted from [the Ubuntu Blog](https://blog.ubuntu.com/2017/08/11/how-to-sign-things-for-secure-boot).
|
||||||
|
Before following, please backup your /boot/EFI directory, so you can restore everything. Follow
|
||||||
|
these steps on your own risk.
|
||||||
|
|
||||||
1. Create the config to create the signing key, save as mokconfig.cnf:
|
1. Create the config to create the signing key, save as mokconfig.cnf:
|
||||||
```
|
```
|
||||||
|
|
Loading…
Reference in a new issue