서명 모듈을 로드하려고 할 때 "필수 키를 사용할 수 없음" 오류

서명 모듈을 로드하려고 할 때 "필수 키를 사용할 수 없음" 오류

모듈을 만들어서 사용했습니다 make modules_install.

다음 명령을 실행했습니다.이 점:

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes  -subj "/CN=Owner/"
mokutil --import MOK.der

그 후 시작 시 MokManager를 사용하여 mok를 다시 시작하고 등록했습니다. 재부팅 후 다음 명령을 사용하여 파일에 서명했습니다(요점도 약간 수정됨).

sudo /lib/modules/$(uname -r)/build/scripts/sign-file sha256 ./MOK.priv ./MOK.der /lib/modules/$(uname -r)/extra/veikk.ko

modinfo veikk다음은 도움이 될 수 있는 mokutil -l, 및 의 출력 입니다 .sudo cat /proc/keys

modinfo veikk:

filename:       /lib/modules/5.1.5-arch1-2-ARCH/extra/veikk.ko.xz
license:        GPL
srcversion:     A82263B16A25C763382D8B9
alias:          hid:b0003g*v00002FEBp00000003
alias:          hid:b0003g*v00002FEBp00000002
alias:          hid:b0003g*v00002FEBp00000001
depends:        hid
retpoline:      Y
name:           veikk
vermagic:       5.1.5-arch1-2-ARCH SMP preempt mod_unload 
sig_id:         PKCS#7
signer:         Owner
sig_key:        5A:18:61:8C:22:EC:D0:BC:93:BB:E2:D2:97:1F:8B:E8:9F:7E:44:4D
sig_hashalgo:   sha256
signature:      12:F3:84:AB:05:27:17:64:E0:7B:39:62:2D:81:43:7F:42:4A:36:79:
        13:09:88:C4:3A:66:DB:EA:83:97:D6:5F:3C:05:30:01:60:AE:B7:92:
        09:29:FE:A0:C9:9F:34:E8:6D:22:D3:CE:A3:D8:4E:B9:75:A8:A4:0A:
        BB:E3:B0:2C:68:C4:73:2F:8C:49:22:1B:F3:E8:70:EE:07:A1:C8:2F:
        DA:51:8A:9C:8A:29:D5:84:18:17:BD:7E:89:25:CC:79:BE:34:1D:8A:
        2C:F0:B1:13:AD:6A:1E:27:C5:31:37:03:37:33:AC:35:75:D4:CC:16:
        C3:EF:75:4E:C5:85:FF:45:D2:4F:33:F1:50:99:AC:36:14:08:19:D7:
        37:6B:2C:1A:4E:16:3D:35:D1:57:FD:50:AF:45:66:D1:72:83:BC:2A:
        FE:B8:F2:99:F4:EB:7E:35:0A:EC:91:49:13:D0:3D:33:DF:BB:75:0E:
        BA:F3:11:BB:CD:68:30:00:72:16:CD:E6:79:85:E0:3D:32:D7:41:8B:
        AC:A1:02:D7:EA:33:36:C6:F4:04:F1:66:8C:F3:9D:9F:7F:EF:3C:2D:
        30:77:08:95:1F:1D:7F:A2:98:63:CD:2D:CF:68:0C:C4:7F:5C:0F:33:
        D9:C1:70:95:0D:8F:37:B5:B9:4C:28:9F:F7:1A:8A:71

mokutil -l:

[key 1]
SHA1 Fingerprint: c0:fa:91:66:f8:dc:74:df:09:6f:9c:a1:d3:4f:57:a1:5d:45:16:ad
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:58:4e:e8:65:65:61:35:3a:d3:b2:cf:88:64:f0:77:6c:f2:d0:68
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Owner
        Validity
            Not Before: Jun 14 01:15:17 2019 GMT
            Not After : Jul 14 01:15:17 2019 GMT
        Subject: CN=Owner
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:81:f9:35:0e:ff:29:8f:78:c1:b8:67:03:6e:
                    9a:cd:c1:62:0d:35:ee:56:3a:4f:7c:af:df:83:dd:
                    1b:3f:83:86:30:c1:8c:e2:2f:42:03:12:9d:40:39:
                    16:4b:2e:57:eb:94:42:00:3e:8e:d4:2b:eb:2d:13:
                    92:62:c9:65:47:a9:ac:91:fc:b0:dd:79:c3:d4:6f:
                    2e:32:a3:45:9b:d4:17:d1:e9:3c:4d:21:74:83:17:
                    91:70:6a:84:27:dd:36:db:59:16:72:c3:eb:1c:a0:
                    d7:3b:97:1b:ad:6e:3d:de:fd:91:8b:c3:78:37:ec:
                    f5:96:be:0d:4b:a0:07:01:5e:50:d9:0f:15:17:19:
                    6b:a3:8b:74:3f:e2:b6:34:ce:5d:16:f6:0d:20:87:
                    0e:e9:3d:ac:73:dc:36:eb:36:6c:57:22:c2:25:58:
                    e2:c1:7f:2d:72:94:4d:68:fa:1a:f3:26:4e:27:35:
                    a2:ec:82:02:da:61:d0:a2:44:68:64:1c:11:b0:40:
                    4f:0f:a3:fe:c8:d8:d5:87:11:c8:33:88:b2:5f:c0:
                    f8:5b:8d:68:5d:01:fd:5a:a7:6c:33:65:bc:64:20:
                    dc:95:1e:15:ec:bf:88:7d:97:aa:0a:c3:74:48:01:
                    0c:64:5f:df:e1:47:9a:bc:c5:2c:71:f3:ec:33:a8:
                    cf:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                0E:9E:94:49:32:C9:02:2F:93:8C:D5:58:39:40:5D:C0:BB:11:35:76
            X509v3 Authority Key Identifier: 
                keyid:0E:9E:94:49:32:C9:02:2F:93:8C:D5:58:39:40:5D:C0:BB:11:35:76

            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         76:4b:d4:8e:b4:08:c3:07:f8:d0:44:97:84:54:a8:e3:07:36:
         49:91:86:71:46:1b:42:18:f8:f0:c3:be:95:a2:22:1d:e2:8a:
         d4:8c:6e:ec:1c:ff:58:2e:12:82:0a:b9:90:37:10:96:39:08:
         f0:44:35:ea:ba:95:f8:99:64:c7:96:d2:a0:fc:67:dc:89:e8:
         df:29:60:6b:e5:bd:f6:45:86:83:8f:87:f7:dc:37:ba:26:3d:
         c2:0a:5e:f2:ee:6e:36:17:00:1f:74:37:52:d7:5f:d5:c9:ec:
         2d:3e:30:66:66:a9:4c:37:b7:95:3e:77:9d:d8:cf:09:70:d6:
         29:8f:00:5e:84:23:0b:0d:f8:09:b0:d1:cd:9b:55:1f:40:c5:
         56:99:3c:01:79:1f:86:9c:ac:7f:fd:1b:77:c0:24:41:21:d1:
         3d:f8:bd:d3:44:ba:62:76:50:30:2f:ea:bc:0b:7c:76:78:21:
         bc:1d:d2:6c:f3:38:a3:42:4e:c5:04:d8:ef:49:5a:f3:2d:ed:
         cd:f7:6b:2a:2f:a9:22:bd:d8:95:12:fa:02:87:81:af:7d:07:
         5e:98:22:7f:db:94:59:95:f9:a0:be:45:61:2b:2b:4e:af:2c:
         e8:f9:ee:64:19:ef:58:9c:9c:87:66:41:2c:df:0f:79:e7:12:
         c4:23:8a:2a

[key 2]
SHA1 Fingerprint: d8:e4:11:a9:45:7d:55:ec:46:f6:99:37:33:ca:73:a0:72:39:61:de
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:21:0b:68:21:d6:b1:f0:e6:e6:72:82:69:8a:b5:58:55:05:c6:8c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Owner
        Validity
            Not Before: Jun 14 01:20:04 2019 GMT
            Not After : Jul 14 01:20:04 2019 GMT
        Subject: CN=Owner
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:25:17:e4:02:3d:4b:da:4a:6d:95:ba:7b:23:
                    22:34:67:87:45:56:b4:62:60:57:63:92:ba:eb:66:
                    92:6d:32:b3:60:18:26:79:ec:5f:8f:bb:d5:5d:e6:
                    1a:06:d2:24:a5:43:70:32:c8:cf:69:e6:1d:ff:15:
                    62:f3:11:8c:77:16:45:d4:ce:3a:9d:30:a7:33:c9:
                    3e:6d:47:08:69:8d:29:32:c8:67:6b:b1:1a:15:3f:
                    3c:62:72:45:28:e4:4a:2d:7f:b3:92:00:28:36:85:
                    fb:95:ea:2c:33:4b:a6:8c:bd:b6:73:f8:22:4a:3d:
                    30:89:dc:f6:2c:8f:fc:ea:68:3c:8f:da:a1:93:45:
                    93:44:7a:06:ce:1c:8e:9c:c5:13:2c:e0:01:c9:ea:
                    e7:6b:db:2e:bf:33:ca:79:ba:f7:e2:02:92:5e:29:
                    0d:f0:a5:b4:bc:44:10:ea:13:89:b2:b6:64:d9:bf:
                    92:d8:43:06:79:06:d7:5f:c4:9d:a7:54:21:51:97:
                    92:a9:58:e8:a8:50:e3:49:37:e5:81:2c:1a:16:2c:
                    ac:35:ef:fe:32:72:a2:a7:72:9f:93:f5:92:99:6f:
                    00:e4:f0:19:f6:84:67:26:66:e8:e5:b4:33:cd:bd:
                    b3:b6:32:f1:1c:01:ec:ae:59:7e:c4:85:9b:c4:3d:
                    a6:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                4A:BC:D2:F9:F0:EF:86:E5:B5:C8:7A:EC:90:8D:F3:E6:2C:C5:86:BF
            X509v3 Authority Key Identifier: 
                keyid:4A:BC:D2:F9:F0:EF:86:E5:B5:C8:7A:EC:90:8D:F3:E6:2C:C5:86:BF

            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         75:c1:2f:c9:6f:af:dc:3f:6e:66:93:99:80:90:20:ce:47:0c:
         be:30:c6:65:05:49:ff:46:74:57:52:69:61:74:ff:59:d9:0e:
         eb:c2:b3:3d:4f:26:b1:cd:1f:01:29:9d:c4:1d:78:a3:b7:87:
         c1:ac:d4:88:3f:db:3c:cb:28:94:a4:04:e1:5b:ad:0d:5f:a6:
         cf:2d:86:17:13:28:c4:27:5f:73:67:fc:fb:da:18:30:c6:df:
         b4:01:6f:e3:0d:e8:75:ed:d2:92:50:54:0d:be:bd:c9:82:5d:
         ca:31:53:60:a1:d5:ed:8d:8a:a1:02:76:6e:6c:cd:c4:c1:90:
         da:54:0d:15:6c:87:b6:4e:d7:bc:6a:67:0d:b1:86:a7:d2:7f:
         00:8a:56:b8:6d:fa:a7:ac:da:c7:a6:7b:d5:28:27:d1:c6:9d:
         d3:a3:91:2b:00:14:3e:b3:c8:27:32:54:f4:c3:85:f1:3e:38:
         a4:18:8c:ff:f3:3d:b9:34:62:87:66:ba:69:bb:3c:3a:48:73:
         bb:0f:a8:3d:b5:43:f0:3e:ac:19:7f:c6:5d:af:1f:2b:a9:17:
         2e:dc:f7:fa:ed:a1:23:16:eb:ab:bd:a3:e2:1d:ee:97:82:90:
         d6:d2:a9:ab:16:50:d7:bd:96:c8:a3:2a:32:54:84:88:ce:9c:
         ab:03:1d:9a

[key 3]
SHA1 Fingerprint: b3:68:bf:1c:e4:1d:05:48:94:01:71:c2:0b:9e:12:70:55:07:11:9f
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:18:61:8c:22:ec:d0:bc:93:bb:e2:d2:97:1f:8b:e8:9f:7e:44:4d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Owner
        Validity
            Not Before: Jun 14 03:20:34 2019 GMT
            Not After : Jul 14 03:20:34 2019 GMT
        Subject: CN=Owner
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6d:5b:fa:cf:bb:d7:57:83:53:9b:51:f0:71:
                    4c:42:d9:ea:b9:16:bd:a4:97:3f:b2:01:ed:3c:47:
                    b3:7f:5b:98:d7:78:2d:db:a6:5c:20:fe:ef:fe:6d:
                    7f:1e:62:02:68:38:39:ca:80:2a:b8:6b:af:ba:7f:
                    7c:4e:e2:e1:75:d0:2a:22:70:8f:76:48:21:c6:81:
                    4d:99:40:97:3f:f5:63:1f:66:01:52:a3:75:64:1f:
                    41:f1:74:53:52:c0:53:cd:46:81:1b:85:f2:13:ef:
                    93:2a:97:00:bc:79:9e:f9:7f:07:15:0e:b9:16:42:
                    83:35:10:49:ac:41:7e:ba:15:20:3f:7b:7b:19:b9:
                    85:3b:e6:9b:28:5d:fa:91:0d:66:98:be:d8:4e:6c:
                    12:20:81:85:a2:05:c6:3f:fe:73:c3:76:bc:ab:b1:
                    c2:d2:fd:46:5c:ac:17:19:0e:7b:d9:36:e4:7c:c8:
                    8b:28:ea:3b:eb:55:28:19:dd:00:01:6e:21:5a:9f:
                    6f:68:fd:a5:b7:1e:47:ea:2d:0c:2b:e9:ba:92:eb:
                    06:53:32:08:b9:1f:68:5a:5a:1f:f8:41:64:80:6f:
                    ee:1b:4b:b3:a0:11:60:ca:61:ca:b2:66:13:af:11:
                    87:55:cf:d2:b9:71:a3:1d:87:f8:7e:cc:27:e7:dd:
                    85:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                35:78:89:84:E0:8C:74:3C:BC:68:B2:63:83:53:72:41:22:39:88:A1
            X509v3 Authority Key Identifier: 
                keyid:35:78:89:84:E0:8C:74:3C:BC:68:B2:63:83:53:72:41:22:39:88:A1

            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         2a:55:83:03:24:91:54:83:83:c6:88:34:67:19:e2:3c:e3:3b:
         5d:58:0d:ab:d2:b2:89:09:6f:7b:6d:da:25:41:cf:e2:51:d2:
         0e:1b:0d:04:dd:d3:14:54:37:b7:dc:a2:1c:1e:04:b6:a0:27:
         74:a0:bc:5e:09:eb:59:d0:88:02:67:9c:6e:90:f6:d4:8f:aa:
         8f:b8:ed:a8:2e:42:e8:06:4f:7d:cd:47:81:64:b8:8b:ba:a6:
         4b:65:91:d2:75:87:f2:90:03:4c:c0:a7:72:7d:3e:32:0c:98:
         be:56:6b:dc:f5:9b:15:70:13:c5:0e:ef:49:83:4e:4c:25:e6:
         ad:71:8c:3b:d6:be:18:b3:ca:e4:fb:75:68:74:10:2f:2c:38:
         22:f7:fc:d9:1e:ca:72:36:0e:b6:b3:e6:6c:8e:60:a0:5f:9a:
         a3:b1:ca:0c:d5:6c:07:68:8a:19:c6:2c:e6:9e:a1:5d:5d:f3:
         43:36:67:62:cf:de:44:11:21:d2:09:87:78:d0:75:cd:7c:3b:
         ff:cd:48:ab:b6:56:94:c4:f7:d2:65:06:df:ee:81:55:53:55:
         7a:1e:b8:6a:f5:05:20:48:da:90:03:e7:18:ab:0d:90:ec:93:
         fe:13:4f:b8:53:cc:7c:1e:d3:56:93:51:99:f0:ab:0b:8f:2c:
         d7:6c:cc:c1

[key 4]
SHA1 Fingerprint: 7e:68:65:1d:52:68:5f:7b:f5:8e:a0:1d:78:4d:2f:90:d3:f4:0f:0a
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2574709492 (0x9976f2f4)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Fedora Secure Boot CA
        Validity
            Not Before: Dec  7 16:25:54 2012 GMT
            Not After : Dec  5 16:25:54 2022 GMT
        Subject: CN=Fedora Secure Boot CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f5:f7:52:81:a9:5c:3e:2b:f7:1d:55:f4:5a:
                    68:84:2d:bc:8b:76:96:85:0d:27:b8:18:a5:cd:c1:
                    83:b2:8c:27:5d:23:0a:d1:12:0a:75:98:a2:e6:5d:
                    01:8a:f4:d9:9f:fc:70:bc:c3:c4:17:7b:02:b5:13:
                    c4:51:92:e0:c0:05:74:b9:2e:3d:24:78:a0:79:73:
                    94:c0:c2:2b:b2:82:a7:f4:ab:67:4a:22:f3:64:cd:
                    c3:f9:0c:26:01:bf:1b:d5:3d:39:bf:c9:fa:fb:5e:
                    52:b9:a4:48:fb:13:bf:87:29:0a:64:ef:21:7b:bc:
                    1e:16:7b:88:4f:f1:40:2b:d9:22:15:47:4e:84:f6:
                    24:1c:4d:53:16:5a:b1:29:bb:5e:7d:7f:c0:d4:e2:
                    d5:79:af:59:73:02:dc:b7:48:bf:ae:2b:70:c1:fa:
                    74:7f:79:f5:ee:23:d0:03:05:b1:79:18:4f:fd:4f:
                    2f:e2:63:19:4d:77:ba:c1:2c:8b:b3:d9:05:2e:d9:
                    d8:b6:51:13:bf:ce:36:67:97:e4:ad:58:56:07:ab:
                    d0:8c:66:12:49:dc:91:68:b4:c8:ea:dd:9c:c0:81:
                    c6:91:5b:db:12:78:db:ff:c1:af:08:16:fc:70:13:
                    97:5b:57:ad:6b:44:98:7e:1f:ec:ed:46:66:95:0f:
                    05:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                CA Issuers - URI:https://fedoraproject.org/wiki/Features/SecureBoot

            X509v3 Authority Key Identifier: 
                keyid:FD:E3:25:99:C2:D6:1D:B1:BF:58:07:33:5D:7B:20:E4:CD:96:3B:42

            X509v3 Extended Key Usage: 
                Code Signing
            X509v3 Subject Key Identifier: 
                FD:E3:25:99:C2:D6:1D:B1:BF:58:07:33:5D:7B:20:E4:CD:96:3B:42
    Signature Algorithm: sha256WithRSAEncryption
         37:77:f0:3a:41:a2:1c:9f:71:3b:d6:9b:95:b5:15:df:4a:b6:
         f4:d1:51:ba:0d:04:da:9c:b2:23:f0:f3:34:59:8d:b8:d4:9a:
         75:74:65:80:17:61:3a:c1:96:7f:a7:c1:2b:d3:1a:d6:60:3c:
         71:3a:a4:c4:e3:39:03:02:15:12:08:1f:4e:cd:97:50:f8:ff:
         50:cc:b6:3e:03:7d:7a:e7:82:7a:c2:67:be:c9:0e:11:0f:16:
         2e:1e:a9:f2:6e:fe:04:bd:ea:9e:f4:a9:b3:d9:d4:61:57:08:
         87:c4:98:d8:a2:99:64:de:15:54:8d:57:79:14:1f:fa:0d:4d:
         6b:cd:98:35:f5:0c:06:bd:f3:31:d6:fe:05:1f:60:90:b6:1e:
         10:f7:24:e0:3c:f6:33:50:cd:44:c2:71:18:51:bd:18:31:81:
         1e:32:e1:e6:9f:f9:9c:02:53:b4:e5:6a:41:d6:65:b4:2e:f1:
         cf:b3:b8:82:b0:a3:96:e2:24:d8:83:ae:06:5b:b3:24:74:4d:
         d1:a4:0a:1d:0a:32:1b:75:a2:96:d1:0e:3e:e1:30:c3:18:e8:
         cb:53:c4:0b:00:ad:7e:ad:c8:49:41:ef:97:69:bd:13:5f:ef:
         ef:3c:da:60:05:d8:92:fc:da:6a:ea:48:3f:0e:3e:73:77:fd:
         a6:89:e9:3f

sudo cat /proc/keys:

0234c79f I--Q---     2 perm 3f030000     0     0 keyring   _ses: 1
039c00fe I--Q---     4 perm 3f030000     0     0 keyring   _ses: 1
03ab10e5 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
06bc3e3b I--Q---     1 perm 1f3f0000     0 65534 keyring   _uid_ses.0: 1
0780e17d I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
07bf62e1 I------     1 perm 1f0b0000     0     0 keyring   .blacklist: empty
0ae980e1 I------     1 perm 1f030000     0     0 asymmetri sforshee: 00b28ddf47aef9cea7: X509.rsa []
0e605083 I--Q---     2 perm 3f030000     0     0 keyring   _ses: 1
113791d8 I--Q---     2 perm 3f030000     0     0 keyring   _ses: 1
11deafb6 I------     1 perm 1f0b0000     0     0 keyring   .builtin_regdb_keys: 1
13c6f543 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
151375a1 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
15447179 I--Q---     3 perm 1f3f0000     0 65534 keyring   _uid.0: empty
17cad795 I--Q---     2 perm 3f030000     0     0 keyring   _ses: 1
17f2f258 I--Q---    12 perm 3f030000     0     0 keyring   _ses: 1
18e7fe91 I--Q---     1 perm 3f030000     0     0 keyring   _ses: 2
1b7fa1cf I--Q---    80 perm 3f030000  1000   985 keyring   _ses: 1
1ba8e3bc I--Q---     2 perm 3f030000     0     0 keyring   _ses: 1
1db7b7ea I--Q---     4 perm 1f3f0000  1000 65534 keyring   _uid.1000: empty
1e44ead1 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
1fc4383f I--Q---     2 perm 3f030000     0     0 keyring   _ses: 1
2029dd28 I--Q---     4 perm 3f030000     0     0 keyring   _ses: 1
21270038 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
2230acc6 I--Q---     2 perm 3f030000     0     0 keyring   _ses: 1
22f1e510 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
2311d4c0 I------     1 perm 1f0f0000     0     0 keyring   .secondary_trusted_keys: 1
24d5f2fc I------     2 perm 1f0b0000     0     0 keyring   .builtin_trusted_keys: 1
258cd717 I--Q---     2 perm 3f030000     0     0 keyring   _ses: 1
26aa10b5 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
2aa5d9ac I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
2d224ec5 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
2ed0156d I--Q---     2 perm 3f030000     0     0 keyring   _ses: 1
3004b863 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
339f79bb I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
36d50737 I--Q---     6 perm 3f030000     0     0 keyring   _ses: 1
373aa376 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
39be7bef I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
3d9385d6 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
3e5b4c2a I------     1 perm 1f030000     0     0 asymmetri Build time autogenerated kernel key: 4024ce463c4ca8bf03bb78eb9a2465b58d864fcd: X509.rsa 8d864fcd []

건물/서명 모두 오류가 발생하지 않습니다. 키는 MokManager에 의해 로드된 것으로 보입니다( 의 키 3 참조 mokutil -l). 이것을 어떻게 해석해야 할지 잘 모르겠지만 /proc/keys위험 신호가 있는 경우를 대비해 포함했습니다. 그러나 실제로 모듈을 로드하려고 하면 여전히 오류가 발생합니다.

$ sudo modprobe veikk
modprobe: ERROR: could not insert 'veikk': Required key not available

왜 이런 일이 발생합니까?

도움이 된다면 Arch Linux(커널 5.1.5)를 실행하고 있으며 보안 부팅이 작동하도록 shim 및 mokmanager를 설치하고 커널 구성을 사용합니다 module.sig_enforce=1. (보안 부팅이 비활성화되면 모듈 서명이 작동하지만 보안 부팅이 활성화된 상태에서 다른 사람들이 모듈에 서명하도록 도우려고 합니다.)

편집하다: 키를 생성할 때 오류가 발생했다는 것을 방금 깨달았습니다.

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes  -subj "/CN=Owner/"

인수 는 1개여야 하며 -days, 그렇지 않으면 0입니다( mokutils -l출력 참조). 하지만 이 명령도 작동하지 않습니다(그러나 유효한 시간 범위를 제공합니다).

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Owner/"

관련 정보