I'm creating the /root/mok.der key (in Sid dkms changed to /root/dkms.der) and
try to register it with mokutil during a custom installation. I tried the preseed/late_command and I also tried a script with simple-cdd. But in all cases I get on UEFI systems (real hardware included):
EFI variables are not supported on this system
and have to enroll it after the first boot. Only then the modules built and signed are loaded.
I tried loading the efivarfs module via preseed/early_command and I can confirm
that /sys/firmware/efi/efivars/ is actually there (but epmty).
I'd really appreciate to enroll the key *during* installation, while the Debian
installer is running. Is there any way I can do this?
modprobe efivarfs || true
mount -t efivarfs efivarfs /target/sys/firmware/efi/efivars || true
test -e /target/root/mok.der || exit 0
in-target echo "Enroll DKMS mok.der key" >&2
in-target sh -c "printf 'Pass\nPass\n' | /usr/bin/mokutil --import /root/mok.der"
umount /target/sys/firmware/efi/efivars || true
I'd like to use 'mokutil --import <file> --root-pw', but that fails with something like "Failed to get root password hash", so I have to set the password directly. Any idea about the error message and how to fix it?
|Location:||Huddersfield, West Yorkshire, UK|
|Nodes:||8 (1 / 7)|