since kernel signing ist activated i can’t insert my self compiled kernelmodul.
I see the error “modprobe: ERROR: could not insert ‘rtl8812au’: Required key not available”
How can i sign this kernelmodul.
In other Destis like Ubuntu, Debian Redhat or SuSe can i use the file sign-file and mokutil to insert self created key for this file.
Thanks in Advance
No that is not possible due to security reasons.
The whole kernel needs to be built in one go and is signed with a key that is later destroyed. An attacker can therefore no longer build any own modules or root kits against the IPFire kernel and attack a system with it.
What hardware are you trying to use?
this ist really importend for me. Without a 5Ghz Accesspoint (blue) directly on the firewall is the security for the green and orange network not guaranteed.
Here my hardward:
If you meantime not already done, i recommend update to core 146 first.
No, i can’t update to Core 146. Since Core 142 is kernelsigning active and my Accesspoint down.
Pls see my second firewall (https://fireinfo.ipfire.org/profile/24332c284f2769d8c97e0e970ea56b8373be00ca)
Here is no RTL8812AU interface activ…
I do not carefully read your posting. I saw security… and core 141… This happens if you think you must send a quick smile to the world. Sorry
Correct, but i can’t update or i must change the firewall to other Destri. I will not stay by the old core but i can’t do without wifi asccesspoint.
Why does everyone always have to tell you what is good for me and what is not? I do not understand that.
The core devs decided to sign the kernel and to do it the way Michael posted above.
If you want support for specific hardware by kernel modules, these must be integrated into the system.
The signing is active now for some time. Why didn’t you ask for the kernel support of your device since then?
It has nothing to do with telling you, what is good for you. It is just a design decision like using the LFS model.
He has already asked long time ago but i have not found the time to add this driver.
You have to integrate the build of the module into the build process to sign the module properly. An example is the xtables-addons lfs file which build and sign some modules. After build you have to exchange the whole kernel because the key is changed at every kernel build.
Best is to send in a patch. If the driver is gpl compatible and we can include it.
Or there are compatible wireless modules which are available for only a few Euros:
thanks for Answer. I will read in and try to install the module. If that worked, I’ll send the patch.
i know this list but no one of the USB-Sticks in this list worked as ap-Mode in 5GHz. Please see my post in forum. (https://forum.ipfire.org/viewtopic.php?f=17&t=23077&p=125985&hilit=RTL#p1)
If that worked, I’ll send the patch.
please refer to https://wiki.ipfire.org/devel/ if you need further information regarding development procedures. In case of problems not explained there, just drop us a line.
Thanks, and best regards,
I’m to stupid.
modinfo said the modul is signed
author: Realtek Semiconductor Corp.
description: Realtek Wireless Lan Driver
vermagic: 4.14.184-ipfire SMP mod_unload modversions
signer: Build time autogenerated kernel key
sig_key: 18:20:CC:65:90:3F:34:A9:8F:40:DA:3B:04:3F:37:XX:XX:XX… (X from me)
signature: 21:74:72:0D:0C:FD:9C:E4:72:72:XX:XX:XX (X from me)
modprobe: ERROR: could not insert ‘rtl8812au’: Required key not available
Thanks a lot
you have to copy the whole kernel from this build not just the module.
ok, but how install the kernel? I can’t find update-grub.
I can copy all files from /usr/share/git-core/ipfire-2.x/build/boot/ to /boot and then?
IMHO will ipfire not start after reboot when the new kernel isn’t install with update-grub.
I’m also interested in adding support for rtl8812au driver into main kernel. I have a TP-link Archer T2U Nano AC600 USB Wireless adapter which I want to use it as an AP. There are many wifi devices using this driver https://deviwiki.com/wiki/Special:Ask?title=Special%3AAsk&q=[[Chip1+model::RTL8812AU]]&po=%3FInterface
It is a pity that user requests are not really dealt with or that the user is left hanging in the event of problems. I’m really very disappointed.
I don’t understand why you are disappointed.
Arne answered your question regarding what you will need to do (copy the whole kernel) and he even said that this driver will be integrated at some time.
What more can you want?
This is a support forum where people help each other to configure IPFire…
No, if I just copy the kernel, ipfire will not start. If I copy the kernel and initramfs, ipfire will not start, too. Then when I update grub configuration the new kernel has no modules at all that are signed. When I asked how I can integrate the kernel correctly, there was no answer.
I built some kernels myself and actually have no problems with that. But never signed. The request for the module is now 2 years ago and nothing has solved. Even if other users (in the old forum and also here) givin a nitice that they want the module, there is not even an answer. That is the sad thing.