
Custom Kernel want to secure boot with custom private key

Posted: 2018/12/06 09:48:51
by jack.lan
OS: CentOS 7.5

I need some help.

My project needs secure boot with a custom key, so BIOS secure boot is enabled, and because I need to modify the kernel, I rebuilt the kernel source myself following the website below.

path: https://wiki.centos.org/zh-tw/HowTos/Custom_Kernel

But it can't boot because of an invalid signature when secure boot is enabled.

Even though I searched for "secure boot" information on Google, I don't know what to do...

Does shim or bootx64.efi need to be signed? Add private or anything to the database?

Or do I need to modify kernel.spec?

Source13: centos-ca-secureboot.der
Source14: centossecureboot001.crt

Create a der and crt with a custom private key to replace these files?

I can't find more detailed official information about secure boot in CentOS 7.

The key security mechanism and secure boot are just like the language of another world. The information on the Internet is too fragmented, especially in Linux. I need some direction or help. :cry:

Can someone help?

Re: Custom Kernel want to secure boot with custom private key

Posted: 2019/02/07 09:50:58
by kaplin.ae
I also need that information. It seems I figured out how I can create the centos-ca-secureboot.der certificate. But I need information on how I can generate centossecureboot001.crt for kernel and grub signing. Can anybody provide us with detailed information about how I can install Linux on UEFI hardware using a signed shim, grub, and kernel? How can I sign it? I agree with jack.lan that the information on the Internet is too fragmented.

Re: Custom Kernel want to secure boot with custom private key

Posted: 2019/02/08 09:47:43
by TrevorH
CentOS is already secure boot enabled and does not require any modification.

Re: Custom Kernel want to secure boot with custom private key

Posted: 2020/04/06 20:35:32
by harrywangca
The default CentOS is signed and can boot up after installation.
But if we re-compile a new kernel, we need to sign it; otherwise we cannot boot it up. I have the same issue...

Re: Custom Kernel want to secure boot with custom private key

Posted: 2020/04/14 20:32:16
by hunter86_bg
You need to compile and sign your new kernel. Then, you have to find a way to make your signature trusted.

I think that you might find more info here.
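
Added example, not from any poster in this thread: a rebuilt kernel with the EFI stub is a PE image, and a Secure Boot signature lives in its PE certificate table, so this Python check reports whether a file carries an attached signature at all. It says nothing about whether the firmware or shim trusts the signer; `build_sample` and its bytes are constructed test data, and the function names are this example's own.

```python
import struct
import sys

def build_sample(signed: bool) -> bytes:
    """Constructed minimal PE32+ header (not a bootable kernel), optionally signed."""
    opt = bytearray(240)                       # optional header incl. 16 data directories
    struct.pack_into("<H", opt, 0, 0x20B)      # magic: PE32+
    struct.pack_into("<I", opt, 108, 16)       # NumberOfRvaAndSizes
    blob = b""
    if signed:
        payload = bytes(16)                    # placeholder bytes, not a real PKCS#7 blob
        blob = struct.pack("<IHH", 8 + len(payload), 0x0200, 0x0002) + payload
        # Data directory 4 (certificate table): file offset and size of the table
        struct.pack_into("<II", opt, 112 + 4 * 8, 64 + 4 + 20 + 240, len(blob))
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)             # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x0022)
    return dos + b"PE\0\0" + coff + bytes(opt) + blob

def attached_signatures(image: bytes):
    """Return [(revision, cert_type, length)] for each WIN_CERTIFICATE entry."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE/EFI image (no MZ header)")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = pe_off + 24                          # skip "PE\0\0" and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)
    (num_dirs,) = struct.unpack_from("<I", image, dirs - 4)
    if num_dirs <= 4:
        return []                              # no certificate table slot at all
    off, size = struct.unpack_from("<II", image, dirs + 4 * 8)
    end, found = off + size, []
    while off + 8 <= end <= len(image):
        length, revision, cert_type = struct.unpack_from("<IHH", image, off)
        if length < 8:
            break                              # malformed entry, stop walking
        found.append((revision, cert_type, length))
        off += (length + 7) & ~7               # entries are 8-byte aligned
    return found

if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(True)
    sigs = attached_signatures(data)
    print("attached signatures:", sigs if sigs else "none (unsigned image)")
```

A certificate type of 0x0002 is the PKCS#7 signed-data form used for Authenticode signatures; an empty result on a rebuilt kernel means it was never signed.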