since kernel signing ist activated i can’t insert my self compiled kernelmodul.
I see the error “modprobe: ERROR: could not insert ‘rtl8812au’: Required key not available”
How can i sign this kernelmodul.
In other Destis like Ubuntu, Debian Redhat or SuSe can i use the file sign-file and mokutil to insert self created key for this file.
The whole kernel needs to be built in one go and is signed with a key that is later destroyed. An attacker can therefore no longer build any own modules or root kits against the IPFire kernel and attack a system with it.
Correct, but i can’t update or i must change the firewall to other Destri. I will not stay by the old core but i can’t do without wifi asccesspoint.
Why does everyone always have to tell you what is good for me and what is not? I do not understand that.
The core devs decided to sign the kernel and to do it the way Michael posted above.
If you want support for specific hardware by kernel modules, these must be integrated into the system.
The signing is active now for some time. Why didn’t you ask for the kernel support of your device since then?
It has nothing to do with telling you, what is good for you. It is just a design decision like using the LFS model.
He has already asked long time ago but i have not found the time to add this driver.
You have to integrate the build of the module into the build process to sign the module properly. An example is the xtables-addons lfs file which build and sign some modules. After build you have to exchange the whole kernel because the key is changed at every kernel build.
Best is to send in a patch. If the driver is gpl compatible and we can include it.
please refer to wiki.ipfire.org - Development if you need further information regarding development procedures. In case of problems not explained there, just drop us a line.
ok, but how install the kernel? I can’t find update-grub[2].
I can copy all files from /usr/share/git-core/ipfire-2.x/build/boot/ to /boot and then?
IMHO will ipfire not start after reboot when the new kernel isn’t install with update-grub.
Greetings
Arne answered your question regarding what you will need to do (copy the whole kernel) and he even said that this driver will be integrated at some time.
What more can you want?
This is a support forum where people help each other to configure IPFire…
No, if I just copy the kernel, ipfire will not start. If I copy the kernel and initramfs, ipfire will not start, too. Then when I update grub configuration the new kernel has no modules at all that are signed. When I asked how I can integrate the kernel correctly, there was no answer.
I built some kernels myself and actually have no problems with that. But never signed. The request for the module is now 2 years ago and nothing has solved. Even if other users (in the old forum and also here) givin a nitice that they want the module, there is not even an answer. That is the sad thing.