Mint 17.X, 18.X and 19.X (but also Ubuntu) Full Disk Encryption (directory /boot included)

Write tutorials here
There are more tutorials here http://community.linuxmint.com/tutorial/welcome
Forum rules
Please don't add support questions to tutorials,start your own thread in the appropriate sub-forum instead. Before you post please read this
dobp
Level 1
Level 1
Posts: 3
Joined: Thu Sep 26, 2019 1:32 pm

Re: Mint 17.X, 18.X and 19.X (but also Ubuntu) Full Disk Encryption (directory /boot included)

Post by dobp » Thu Sep 26, 2019 8:44 pm

Linux22, would you be able to give me some clues on how to sign additional drivers to make them work with Secure Boot once all the initial setup has already be done (following Method 1 of the Appendix A of your tutorial)?
In particular, on the machine described in the previous post should be added Virtualbox 6.0, which needs to have its driver signed to in order work with SecureBoot enabled.
A solution is proposed at https://stegard.net/2016/10/virtualbox- ... untu-fail/, but it does not work out of the box on the given machine. Maybe with the tools you recommend using in your tutorial?

linux22
Level 1
Level 1
Posts: 30
Joined: Mon Jun 08, 2015 2:41 pm

Re: Mint 17.X, 18.X and 19.X (but also Ubuntu) Full Disk Encryption (directory /boot included)

Post by linux22 » Thu Oct 03, 2019 8:13 am

Hello dobp, I have read your message. I think that if you have installed your system following Method 1 of the Appendix A of my tutorial https://community.linuxmint.com/tutorial/view/2360 you can try and sign your VirtualBox kernel modules with your own custom keys,
but you must remember two things:

1) it seems that linux kernel modules must be signed with "kmodsign" tool

2) "kmodsign" need certificates in DER format

For more detail see https://wiki.ubuntu.com/UEFI/SecureBoot/Signing

Update:
Other sources says that kernel modules can be signed with the "scripts/sign-file" script.
For more details see first https://www.kernel.org/doc/html/v4.15/a ... gning.html


I never did this before, because I simply disable Secure Boot when I need to use VirtualBox.


Please keep me informed about your progress.

Regards.

linux22

Post Reply

Return to “Tutorials”