Ask Your Question
2

Packaging a wireless driver (rtl8814au) for secure boot

asked 2017-09-26 03:44:17 -0500

UnderMine gravatar image

I have got the TP-Link Archer T9UH USB wifi card working using the rtl8814au driver ( https://github.com/zebulon2/rtl8814au... ) with kernel 4.12.13-300.fc26.x86_64 but with secure boot disabled. I wonder how to wrap this into a package especially in relation to re-enabling secure boot

http://www.tp-link.com/us/products/de...

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
1

answered 2017-10-01 05:23:39 -0500

hedayat gravatar image

updated 2017-10-01 05:25:13 -0500

If you just want the system to be able to work when Secure Boot is enabled, you might try telling shim to not enforce secure boot in later boot stages.

If you want to make the module properly work and secure boot is still enforced upon Grub & Linux kernel, you should sign your module and roll your own signing key so that it can be verified.

You can see the following links for more information:

https://ask.fedoraproject.org/en/ques...

https://access.redhat.com/documentati...hatenterpriselinux/7/html/systemadministrators_guide/sect-signing-kernel-modules-for-secure-boot

It seems that askbot corrupts links, so this is the raw links:

https://ask.fedoraproject.org/en/question/109564/how-to-get-rawhide-kernel-to-work-with-secureboot-in-f26/?answer=109840#post-id-109840

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-signing-kernel-modules-for-secure-boot
edit flag offensive delete link more
0

answered 2017-10-02 16:53:28 -0500

davidva gravatar image

updated 2017-10-03 14:10:02 -0500

@UnderMine Well no a real aswner?,Generally advanced guide for sign a kernel module isnt easy to find; because the documentation is bad (if exist), yes very bad. Exist a fronted called "UEFI-SecureBoot-SignTool"; UEFI Secure Boot Sign Tool can be used to sign kernel modules. Essentially, it is a wrapper around the sign-file binary in the kernel sources. I am testing (I need sign too), but my time is limited. Maybe we can merge forces...

You can include to your "rtl8814au" the configuration to sb-signtool...

edit flag offensive delete link more

Question Tools

1 follower

Stats

Asked: 2017-09-26 03:44:17 -0500

Seen: 274 times

Last updated: Oct 03 '17