System and Network configuration • Re: Help with compiling a signed vanilla kernel

Therefore, the signing command (failing in your building) should be:

Code:

scripts/sign-file "sha256"  "certs/mok.pem" certs/signing_key.x509  debian/linux-image-6.10.4-iacchi/lib/modules/6.10.4-iacchi/kernel/arch/x86/events/amd/power.ko

You can try it manually to understand why it is failing (if it generate more diagnostic messages).

Ok, so, here's what happens when I run that command:The error is quite different from before, but I'm not quite sure what to make of it, given the difference. For reference, inside crypto there is no bio folder at all.

The config file (which, again, it's mostly Debian's) is here: https://forums.debian.net/app.php/paste ... view&s=115

looking at the command, there's one thing I don't understand (due to my ignorance in this): you can choose the signing key, which in this case is certs/mok.pem, but you cannot choose the x509 certificate (I think it's a certificate?), which is always certs/signing_key.x509. Now, signing_key.x509 is completely unrelated to mok.pem, and I wonder if this is an issue? BTW, mok.pem is a certificate in pem format, not a private key (that would be mok.key from dkms), but if I understand correctly that's not what the kernel/config/script wants. I've also tried to indicate the key file rather than the cert in the config file, but that doesn't work either (it fails before it even tries to sign something).

EDIT: if I try to run the command with mok.key and mok.pem as key and certificate, the result is the same:

Statistics: Posted by iacchi — 2024-08-14 12:34

---