[elrepo] Importing keys to run kmod-nvidia with UEFI
Nicolas Brack
nicolas.brack at mail.be
Tue Oct 31 02:47:35 EDT 2017
Hello, having repeated crashes with Qt5 and the nouveau driver, I'm trying to install from ELRepo the kmod-nvidia driver/module. However I installed linux with uefi which prevents me to load the non-signed driver.
Following the help from the IRC channel and this page's advice : https://www.elrepo.org/tiki/SecureBootKey , I run the command
mokutil --import /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.org.der
However at bootup, I cannot see the "Shim UEFI Key management" screen. Instead I drop on grub immediately after the bios bootup screen. Now the key is already enrolled as trying to adding it again result in :
/etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.org.der is already in the enrolment request
I cannot see the key in mokutil --list-enrolled but I can see it in mokutil --list-new. See their output in the attached text files. What might be the issue ? What can I do ? Any help is welcome. Until then, I'll have to work on windows (T_T)
Thank you !
-------------- next part --------------
7 keys in keyring:
534004559: --alswrv 0 0 asymmetric: CentOS Linux kpatch signing key: ea0413152cde1d98ebdca3fe6f0230904c9ef717
679370567: --alswrv 0 0 asymmetric: Red Hat Inc.: 1ff96dd8d1b2327228c04b03a772dbb2dbb79b1f
505472776: --alswrv 0 0 asymmetric: Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63
162703854: --alswrv 0 0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53
1008960784: --alswrv 0 0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4
469302569: --alswrv 0 0 asymmetric: CentOS Linux kernel signing key: c757a9fbbd0d82c9e54052029a0908d17cf1adc7
383205747: --alswrv 0 0 asymmetric: CentOS Linux Driver update signing key: 7f421ee0ab69461574bb358861dbe77762a4201b
-------------- next part --------------
[key 1]
SHA1 Fingerprint: 6e:91:05:eb:51:e5:5a:46:76:18:38:f2:89:a9:17:61:1c:ad:80:91
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:d8:7c:fd:dc:4b:c9:6f:ee:cf:cc:cf:25:30:35:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)
Validity
Not Before: Jun 3 00:00:00 2014 GMT
Not After : Jun 7 12:00:00 2017 GMT
Subject: businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=2945436/street=100 East Davie Street/postalCode=27601, C=US, ST=North Carolina, L=Raleigh, O=Red Hat Inc., CN=Red Hat Inc.
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c8:93:80:b9:59:8f:05:e6:b9:2b:15:91:78:67:
63:d3:62:88:bf:df:aa:a2:32:d6:e8:43:c0:e1:b0:
85:b9:14:3c:85:1c:1b:74:b6:68:65:2a:03:83:aa:
c2:87:b5:a0:e2:76:92:5f:91:42:ea:e6:80:15:d2:
74:8f:b4:6a:ae:3f:de:3b:99:89:cd:6e:4a:a5:fb:
1a:3c:03:32:b0:52:80:7c:4e:68:67:78:ca:31:04:
a5:90:ff:bc:24:ad:80:98:14:e3:d2:72:32:4b:a3:
4f:98:be:6d:16:e0:ff:10:4c:46:a7:4e:37:c2:75:
92:40:e0:3a:11:6a:19:5b:04:b9:00:e1:96:e7:e6:
e2:a2:31:56:c1:88:ea:da:45:71:a7:db:9e:73:61:
f0:48:9f:14:7c:7e:83:49:d2:99:74:47:86:4c:a5:
cc:84:57:69:86:f0:85:6a:c7:91:66:42:53:b0:a5:
7a:63:52:dd:71:a1:e7:fc:f9:0b:f9:69:73:e8:83:
98:4a:a1:79:3a:98:99:0f:41:12:1f:97:7b:91:6c:
51:9b:f5:de:ad:93:23:67:66:3b:a0:db:9a:33:19:
7c:6d:f3:08:22:5a:84:ac:3e:03:c8:c9:19:ea:50:
82:cf:97:c0:b7:c9:88:c6:c9:b7:4c:36:14:7a:2f:
6f:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:8F:E8:7E:F0:6D:32:6A:00:05:23:C7:70:97:6A:3A:90:FF:6B:EA:D4
X509v3 Subject Key Identifier:
1F:F9:6D:D8:D1:B2:32:72:28:C0:4B:03:A7:72:DB:B2:DB:B7:9B:1F
X509v3 Subject Alternative Name:
othername:<unsupported>
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl
Full Name:
URI:http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.114412.3.2
CPS: https://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
72:9c:ec:f6:4b:33:81:8d:eb:fb:23:1b:6b:29:08:82:c7:69:
6f:f0:ba:06:e4:c2:0b:40:94:ee:7a:9c:b2:a0:c7:1b:54:32:
63:d9:aa:c0:d1:6f:19:41:f0:a5:46:35:2d:f6:a9:4b:7d:b0:
9b:00:9c:a4:e7:b3:49:65:11:b2:4d:fe:a8:c6:9f:f5:27:93:
73:e0:f1:58:14:fa:8f:a1:d1:c1:5e:07:e2:d8:97:9f:04:0e:
96:01:d6:0a:18:ab:04:fe:ab:40:99:83:ec:bf:92:c0:83:70:
26:4a:44:c2:2d:d1:ae:13:5e:79:58:5c:c3:d4:68:70:28:41:
02:e3:89:7c:42:24:36:c4:7a:06:24:ef:c4:5a:86:c1:41:4b:
e9:9b:1c:e1:d7:0b:b7:39:c8:03:fd:31:89:a0:4f:a3:aa:6d:
6a:2a:f3:2a:0c:a2:e1:f0:19:61:b9:7f:91:3f:47:f8:d0:01:
9c:77:e6:1f:db:63:64:84:cd:28:fb:77:24:f4:e8:d2:9c:15:
4c:03:c5:a5:6c:52:ef:cf:b0:c1:fa:be:7c:c7:88:12:c6:9e:
dc:be:8e:45:be:ad:66:57:68:3e:71:44:91:ef:3c:0d:00:b4:
01:4f:45:37:70:c8:9d:42:50:03:89:b3:27:6b:0a:63:29:c4:
bb:5a:c0:ce
-------------- next part --------------
[key 1]
SHA1 Fingerprint: e1:21:a2:f6:07:2e:f2:94:de:20:0e:6b:5d:1b:49:c0:65:dc:e3:e7
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e9:d4:71:cf:b4:fe:13:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=The ELRepo Project (http://elrepo.org), CN=ELRepo.org Secure Boot Key/emailAddress=secure at elrepo.org
Validity
Not Before: Jul 3 08:20:36 2014 GMT
Not After : Jun 28 08:20:36 2034 GMT
Subject: O=The ELRepo Project (http://elrepo.org), CN=ELRepo.org Secure Boot Key/emailAddress=secure at elrepo.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d5:2c:67:c5:5b:b0:5c:8a:96:66:9b:f7:50:ab:
a1:01:10:ef:e6:b2:9b:6d:41:0a:71:f1:97:f2:40:
f1:69:8e:f6:e4:7e:f2:e1:b3:6d:85:52:a7:d6:4e:
62:6c:4e:b6:b1:6d:32:e7:73:57:01:59:d4:e2:31:
20:59:0c:9c:77:84:e6:22:ca:e1:c7:bb:3a:4b:05:
18:6e:75:f9:d3:8e:93:c6:90:69:5c:bb:94:ef:34:
78:6f:37:47:5d:68:f0:eb:73:fc:ed:3c:8d:72:ea:
cc:7f:a5:33:1c:7f:45:0a:9b:02:2b:8a:d2:cc:b6:
6e:fd:6e:2c:4e:16:75:e4:37:8d:2b:09:4f:6c:0d:
7b:2e:61:98:a3:a6:15:2f:7b:c7:11:97:34:aa:f9:
36:62:93:a3:23:ad:ae:91:8c:bc:6f:5a:b6:9a:e5:
61:bb:7e:37:d1:d7:fb:eb:ba:71:cf:21:97:3d:3c:
df:a4:8c:dd:d1:29:00:25:b1:67:94:a1:5c:f0:e0:
2b:86:80:45:da:50:0d:6c:77:22:1f:bf:7c:81:3f:
a0:10:00:17:41:14:6e:87:d6:ae:14:c9:1d:97:75:
d3:16:4a:e4:a4:6d:08:f3:86:dc:93:d8:c9:d4:58:
bf:24:20:da:7e:43:22:1b:05:cd:14:12:23:f7:72:
a3:cf:dc:a1:07:84:a0:e7:64:b3:cb:88:fb:a3:78:
3c:6c:08:cd:67:40:cb:d3:ec:d5:24:a4:04:f5:b6:
46:a5:21:92:15:ff:49:cd:12:67:62:fa:7c:22:b5:
15:3d:fb:7a:fd:6d:b2:07:d2:0e:9f:46:6e:41:f5:
5e:a9:38:ae:e9:51:04:7c:b3:ee:0d:cc:dc:7a:7b:
81:a0:b8:cb:f0:f9:73:cd:5b:03:4f:d1:bb:e6:2a:
9f:eb:54:00:33:31:33:7d:97:b1:21:b8:8b:3f:5b:
02:f2:f0:e3:4f:06:08:12:6a:9b:3d:ff:ed:32:03:
5c:4b:6a:b5:b6:2e:60:34:37:46:08:e5:02:98:fb:
46:e9:46:0c:fa:18:bc:fd:02:35:69:33:91:d5:7c:
85:d5:bd:ab:74:89:0e:b7:26:90:ab:1e:93:dc:7b:
0e:39:59:1b:0e:b1:35:9b:61:a4:1a:bc:61:ad:e5:
b6:ea:b9:09:81:fb:05:05:34:a6:5e:00:0b:6e:a3:
93:28:08:5f:db:43:0c:00:51:45:79:2e:f1:e0:7b:
93:44:d9:dd:bb:0c:8a:e7:82:ad:ac:f6:63:fe:61:
1f:af:31:9a:a9:df:cf:0b:94:5d:9c:20:91:6f:1d:
14:ae:8b:ed:d0:40:cc:9e:69:aa:85:75:05:13:15:
b2:54:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
F3:65:AD:34:81:A7:B2:0E:34:27:B6:1B:2A:26:63:5B:83:FE:42:7B
X509v3 Authority Key Identifier:
keyid:F3:65:AD:34:81:A7:B2:0E:34:27:B6:1B:2A:26:63:5B:83:FE:42:7B
Signature Algorithm: sha256WithRSAEncryption
bd:87:c9:b0:10:7f:9b:b7:79:0d:2e:03:0e:92:ad:90:73:d5:
9a:3b:bc:2f:2e:67:14:c1:31:8f:75:69:6d:7e:74:39:7c:15:
dd:7b:c1:a3:ad:68:aa:54:50:99:43:18:be:b2:ce:2f:dc:7f:
9f:48:13:d4:91:00:82:6b:2d:1b:9a:45:1b:d3:bd:70:c5:f9:
5d:eb:f4:ed:c0:7b:c0:e7:90:41:8e:6c:a5:46:9a:92:c6:83:
41:0a:4a:57:61:04:a0:40:28:8d:6c:a9:68:02:9c:52:df:47:
96:9b:a7:1d:b6:28:fd:a3:37:32:26:92:97:77:65:8e:1e:06:
b0:f8:5b:72:1e:2d:58:c0:74:ca:c2:ef:26:83:60:e4:85:4f:
cd:35:d1:fd:df:15:7c:82:c6:91:aa:90:fb:87:35:00:eb:26:
9c:0d:a8:b4:79:f7:62:85:a4:31:7b:42:ff:7c:ea:38:5f:91:
4f:b1:4b:d0:49:9f:5c:aa:2c:9f:79:91:e9:8c:42:20:eb:f9:
df:6c:35:2d:3b:51:57:aa:4b:94:85:21:a9:55:84:31:e7:a0:
92:59:7a:04:0b:4e:1b:e3:ac:a0:4a:c6:84:ce:cb:71:21:7b:
0b:68:8a:c4:46:ec:c3:af:e6:40:2a:3f:e5:a3:75:1f:99:b9:
51:99:de:30:df:c8:37:1a:7a:3f:97:03:73:7a:1d:c0:ff:4f:
3d:82:a1:13:8a:02:4a:41:fa:17:61:a1:81:1c:bc:99:d0:45:
1f:45:6a:41:1d:93:84:66:2d:2f:b6:85:c7:bf:4c:0b:cd:f6:
57:27:de:9e:b0:e1:b3:d1:a6:e8:5d:7d:ac:98:e9:df:27:31:
cc:6f:22:10:a6:7c:e4:85:94:cf:f6:20:55:af:bd:0a:72:94:
40:f1:d8:a5:3f:44:67:e6:29:2b:33:ac:2a:ea:ed:c5:9c:c5:
5f:62:18:a6:a2:0d:a3:77:1b:b8:88:7d:2b:0f:47:e4:c5:cc:
f2:46:bc:83:e2:0c:59:f5:7e:9f:ba:36:4c:d4:62:83:f9:25:
60:8b:27:ad:f6:b7:68:d4:38:a8:ca:69:d2:34:71:e2:56:af:
9f:16:1b:a0:53:1b:a3:95:95:5b:1b:0f:d6:bc:d2:fa:61:cd:
42:cb:a1:cc:f6:fe:c5:4c:48:34:d5:43:82:59:13:71:e3:7b:
d4:0a:7f:e3:0a:b1:aa:50:04:65:97:08:88:49:50:74:c7:5a:
ba:e2:79:ac:a2:90:d4:4e:7e:91:79:d4:03:5a:6b:ec:9a:6d:
84:15:76:2f:61:88:20:19:20:20:b7:e3:a7:b9:9f:79:63:09:
9b:2b:01:a2:01:53:6a:d0
More information about the elrepo
mailing list