VirtualBox

Changeset 97284 in vbox


Timestamp:
Oct 24, 2022 4:29:28 PM (2 years ago)
Author:
vboxsync
Message:

Linux startup scripts: update instruction on how to manually generate Secure Boot signing key, bugref:10287.

It seems that the OpenSUSE kernel has the CONFIG_CHECK_CODESIGN_EKU config option.
This option implies that a key which is used to sign kernel
modules must be generated with the -addext "extendedKeyUsage=codeSigning" parameter.
Otherwise the kernel will reject the module on loading. This seems to be specific
only to OpenSUSE kernels, but following the same approach for other distros
seems to be harmless, so updating the common recommendation on how to generate keys.

Location:
trunk/src/VBox
Files:
2 edited

  • trunk/src/VBox/Additions/linux/installer/vboxadd.sh

    r97259 r97284  
    393393
    394394    sudo mkdir -p /var/lib/shim-signed/mok
    395     sudo openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER -keyout $DEB_PRIV_KEY -out $DEB_PUB_KEY
     395    sudo openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER -addext \"extendedKeyUsage=codeSigning\" -keyout $DEB_PRIV_KEY -out $DEB_PUB_KEY
    396396    sudo mokutil --import $DEB_PUB_KEY
    397397    sudo reboot
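
Review bot: The `-addext` option on new line 395 only exists in OpenSSL 1.1.1 and later, so on a system with an older openssl the whole `req` command fails on the unknown option and no key pair is written. Since the commit message makes this the common recommendation for all distros, state the minimum OpenSSL version next to the instruction, or offer a fallback that sets extendedKeyUsage through a config-file extension section. The variables here are still named `$DEB_PRIV_KEY` / `$DEB_PUB_KEY` under `/var/lib/shim-signed/mok`, while the requirement is attributed to OpenSUSE kernels, so a short comment in the script saying why the EKU is there would keep the next editor from dropping it as Debian-irrelevant.
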
  • trunk/src/VBox/Installer/linux/vboxdrv.sh

    r97259 r97284  
    735735
    736736    sudo mkdir -p /var/lib/shim-signed/mok
    737     sudo openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER -keyout $DEB_PRIV_KEY -out $DEB_PUB_KEY
     737    sudo openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER -addext \"extendedKeyUsage=codeSigning\" -keyout $DEB_PRIV_KEY -out $DEB_PUB_KEY
    738738    sudo mokutil --import $DEB_PUB_KEY
    739739    sudo reboot
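
Review bot: The instruction on new line 737 still goes straight from `openssl req` to `sudo mokutil --import $DEB_PUB_KEY` and `sudo reboot`, with no step that confirms the certificate actually carries the codeSigning EKU before it is enrolled. A wrong or missing EKU only shows up after the reboot, when the kernel rejects the module, so suggest adding an inspection step such as `openssl x509 -inform DER -in $DEB_PUB_KEY -noout -text` and telling the user to look for the Extended Key Usage entry. The text also does not say what users who already enrolled a key generated with the old command should do; on kernels with CONFIG_CHECK_CODESIGN_EKU they will need to regenerate and re-enroll, and that deserves a sentence. This line is a verbatim copy of the one in vboxadd.sh, so consider keeping the instruction in one shared place to avoid the two drifting apart.
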