[elrepo] Announcement: EL7 Updated elrepo-release package supporting Secure Boot
Phil Perry
phil at elrepo.org
Tue Jul 8 06:13:51 EDT 2014
Announcing the release of an updated elrepo-release package for el7.
http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
This updated package is currently syncing to the mirrors.
This package now includes The ELRepo Project's public key for Secure
Boot module signing.
/etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.org.der
Future kernel modules will be signed with our Secure Boot signing key.
In order to use these modules (kmod packages) with Secure Boot enabled,
system administrators must import the elrepo Secure Boot public key into
their Machine Owner Key (MOK) list. Details can be found in the RHEL7
System Administrators Guide documentation:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html
Users will need to run:
# mokutil --import /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.org.der
and reboot the machine.
On systems where Secure Boot is disabled, signed elrepo modules will
produce the following warning in the message log:
Request for unknown module key 'The ELRepo Project (http://elrepo.org):
ELRepo.org Secure Boot Key: f365ad3481a7b20e3427b61b2a26635b83fe427b'
err -11
This warning can be safely ignored where Secure Boot is disabled.
You can apply this update by:
yum --enablerepo=elrepo update elrepo-release
Thank you,
The ELRepo Team.
More information about the elrepo
mailing list