Score:3

signed kernel module not accepted

I signed a kernel module with MOK using:

$ sudo kmodsign sha512 \
  /var/lib/shim-signed/mok/MOK.priv \
  /var/lib/shim-signed/mok/MOK.der \
  ./ipu6-drivers/0.0.0/5.19.0-23-generic/x86_64/module/intel-ipu6.ko

And modinfo reports it as signed:

...
name:           intel_ipu6
vermagic:       5.19.0-23-generic SMP preempt mod_unload modversions 
sig_id:         PKCS#7
signer:         ubuntu Secure Boot Module Signature key
sig_key:        63:07:BC:9E:44:51:90:19:4E:DF:D6:E3:22:C9:6A:04:A0:BC:D3:C6
sig_hashalgo:   sha512
signature:      3B:29:E9:60:C5:DB:F8:A1:03:5A:2B:54:D1:8A:90:19:BB:0A:0A:46:
...

But when I attempt to load the module using modprobe, I get:

Loading of unsigned module is rejected

in my kernel log.

Why do the kernel and the modinfo differ in opinion on the module being signed?

The key also shows up in mokutil --list-enrolled output.

de flag
I am trying to do the same thing in Ubuntu 22.10, but the mok folder is empty. Has this changed?
Score:4

This is because my kernel module was at two different locations:

/var/lib/dkms/ipu6-drivers/0.0.0/5.19.0-23-generic/x86_64/module/intel-ipu6.ko
/lib/modules/5.19.0-23-generic/updates/dkms/intel-ipu6.ko

...and I only signed one of them, which was not the one found by modprobe.
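
A check for the situation this answer describes, as an added example that is not part of the original post: it lists every on-disk copy of a module file, marks which copies end with the kernel's appended-signature trailer, and shows which path modprobe resolves. The function names are hypothetical, and it assumes uncompressed `.ko` files and the two directory trees named in the answer.

```shell
#!/bin/sh
# Added example (not from the original thread).
# A signed module ends with this trailer; the kernel reports a module without
# it as unsigned. Presence of the trailer does not prove the signature
# verifies against an enrolled key, only that one was appended.
SIG_MARKER='~Module signature appended~'

# is_signed FILE: exit 0 if the last 28 bytes of FILE hold the trailer.
is_signed() {
    tail -c 28 "$1" 2>/dev/null | grep -aqF "$SIG_MARKER"
}

# list_copies FILENAME DIR...: print "signed <path>" or "UNSIGNED <path>"
# for every copy of FILENAME found under the given directories.
list_copies() {
    name=$1; shift
    find "$@" -type f -name "$name" 2>/dev/null | LC_ALL=C sort |
    while IFS= read -r f; do
        if is_signed "$f"; then echo "signed $f"; else echo "UNSIGNED $f"; fi
    done
}

# audit_module MODNAME: show the path modprobe resolves, then every copy
# under the running kernel's module tree and the DKMS build tree.
audit_module() {
    resolved=$(modinfo -n "$1") || return 1
    echo "modprobe resolves $1 to: $resolved"
    list_copies "$(basename "$resolved")" "/lib/modules/$(uname -r)" /var/lib/dkms
    if ! is_signed "$resolved"; then
        echo "the resolved copy has no signature trailer; sign that file" >&2
        return 2
    fi
}

# Run as: sh audit.sh intel_ipu6
if [ "$#" -gt 0 ]; then audit_module "$1"; fi
```

Running `modinfo` on a file path inspects that file, while `modinfo` on a module name inspects the copy modprobe would load, so the two can disagree exactly as in the question.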
