[elrepo] Using kmod-wl in EL7 - stuck on mokutil "Failed to enroll new keys"

Robert Nichols rnicholsNOSPAM at comcast.net
Fri Apr 13 23:31:06 EDT 2018


On 04/13/2018 04:39 PM, Akemi Yagi wrote:
> On Fri, Apr 13, 2018 at 12:50 PM, Robert Nichols
> <rnicholsNOSPAM at comcast.net> wrote:
>> I've gone through the steps on the elrepo.org/tiki/wl-kmod page, but cannot
>> load the new wl module. Running "mokutil --import
>> /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.ord.der" just gets "Failed to enroll
>> new keys".
>>
>> The elrepo.org/tiki/SecureBootKey page references a subscriber-only Red Hat
>> page for help. Any help for someone who cannot read that page? (Yes, I know
>> about "Just turn off secure boot." Looking for an actual answer.)
> 
> You should be able to follow the instructions on the SecureBootKey
> page without having to see any Red Hat page.

Indeed I can follow the instructions just fine. It's the result that is wrong. I verify that "mokutil --sb-state" returns "SecureBoot enabled", check that the SECURE-BOOT-KEY-elrepo.org.der file installed by the elrepo-release package is in the right place, run "mokutil --import /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.org.der", and enter a password twice. The result is invariably, "Failed to enroll new keys".

> However there is a known bug if your are running CentOS. The detail is
> in this CentOS bug report:
> 
> https://bugs.centos.org/view.php?id=14050
> 
> A workaround is to downgrade mokutils/shim. Look for a note by TrevorH
> regarding how this is done.

I don't get far enough to run into that bug. Thanks for the workaround, though, if I ever get to that point.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.



More information about the elrepo mailing list