Mokutil key not being registered with CentOS 7 secure boot

BigDog
Posts: 7
Joined: 2019/01/24 03:18:57

Post by BigDog » 2020/09/12 09:47:24

Hi All

I have a CentOS 7 laptop with the latest mainline kernel installed (5.8.5-1.el7.elrepo.x86_64 #1). As this kernel is not signed, when I enable SecureBoot the OS is unable to boot. To fix this, I tried to follow the commands below:

1. mokutil --import /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.org.der
2. Entered password
3. Rebooted
4. Enrolled the key via the SHIM UEFI key management screen
5. Booted into laptop with secureboot still disabled and checked to see if key was enrolled successfully using "mokutil -list-enrolled"
6. Rebooted into BIOS and switched on secure boot
7. Booting into mainline kernel still shows error below
"error: vmlinuz-5.8.3-1.el7.elrepo.x86_64 has invalid signature
error: you need to load the kernel first"

Any thoughts as to where I am going wrong here?

Thanks

BigDog
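The checks behind the steps above, collected into one script as an added example (not part of the original thread): it reports the Secure Boot state, whether a certificate is in the MOK list, and the signer recorded on each kernel image. It assumes `mokutil` and `pesign` are installed and that their output uses the phrases matched below; the script name `mokcheck.sh` is hypothetical.

```shell
#!/bin/sh
# Added example: inspect each link in the MOK enrolment chain.
# The three parsers read tool output on stdin, so they also work on saved output.

# `mokutil --sb-state` prints "SecureBoot enabled" or "SecureBoot disabled".
sb_enabled() { grep -q '^SecureBoot enabled'; }

# `mokutil --test-key FILE` prints "FILE is already enrolled" when FILE is in the MOK list.
key_enrolled() { grep -q 'is already enrolled'; }

# `pesign -S -i IMAGE` prints "The signer's common name is ..." for each signature.
signer_cn() { sed -n "s/^The signer's common name is //p"; }

# report CERT_DER IMAGE...: run the real tools (as root) and summarise the result.
report() {
    cert=$1; shift
    if mokutil --sb-state | sb_enabled; then echo "Secure Boot: enabled"
    else echo "Secure Boot: disabled"; fi
    if mokutil --test-key "$cert" | key_enrolled; then echo "MOK: $cert is enrolled"
    else echo "MOK: $cert is NOT enrolled"; fi
    for image in "$@"; do
        cn=$(pesign -S -i "$image" | signer_cn)
        if [ -n "$cn" ]; then echo "$image: signed by $cn"
        else echo "$image: no signature found"; fi
    done
}

# Runs only when given a certificate and at least one kernel image, e.g.:
#   sh mokcheck.sh /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.org.der /boot/vmlinuz-*
if [ "$#" -ge 2 ]; then report "$@"; fi
```

Listing every image under `/boot` shows which signer, if any, is recorded on the exact kernel version named in the boot error.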

TrevorH
Forum Moderator
Posts: 29493
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Mokutil key not being registered with CentOS 7 secure boot

Post by TrevorH » 2020/09/12 13:55:42

CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
