Package: linux-image-5.2.0-0.bpo.3-amd64
Version: 5.2.17-1~bpo10+1
Hello!
The kernel module that I sign is not loading:
sproot@matrix:~$ LANG=C sudo modprobe -v vmmon
insmod /lib/modules/5.2.0-0.bpo.3-amd64/misc/vmmon.ko
modprobe: ERROR: could not insert 'vmmon': Operation not permitted
sproot@matrix:~$
sproot@matrix:~$ sudo modinfo vmmon
filename: /lib/modules/5.2.0-0.bpo.3-amd64/misc/vmmon.ko
supported: external
license: GPL v2
description: VMware Virtual Machine Monitor.
author: VMware, Inc.
depends:
retpoline: Y
name: vmmon
vermagic: 5.2.0-0.bpo.3-amd64 SMP mod_unload modversions
sig_id: PKCS#7
signer: Maxim S Medvedev
sig_key: 1C:01:6A:74:1B:3F:EB:2E:88:25:D3:33:2C:6E:1B:18:B3:00:7A:10
sig_hashalgo: sha256
signature: B5:AC:8A:F6:D1:EB:F0:E9:B5:36:01:2E:45:C6:FD:95:09:24:1B:6E:
F2:F0:59:D2:0B:20:57:C6:0B:5B:E5:0C:9E:F1:F0:5F:66:70:FF:65:
B3:D0:B0:22:55:5A:8A:3F:21:6A:B8:FB:77:2D:63:51:39:CA:2D:CE:
B3:15:4D:09:DE:A8:9E:8B:C5:E3:DD:4C:CD:5A:8A:25:7E:B4:0B:BB:
09:93:64:84:28:DF:E3:9F:B9:4A:63:A3:27:2A:43:F1:7D:24:86:F3:
0A:4E:CB:D6:F8:DF:4C:D1:AE:BE:E4:29:D9:1F:B7:12:4E:AC:03:4A:
4C:E7:C5:48:26:1B:4B:1C:06:48:03:0C:87:70:51:7C:82:F4:9B:0F:
35:CE:43:61:F0:8A:82:90:1F:0F:09:53:C7:33:CF:90:77:AF:9D:98:
B1:5A:09:99:AC:EB:63:2B:37:1B:48:37:4E:E8:8A:36:34:D2:B8:34:
A2:99:E4:74:5D:1D:D9:EA:1D:F5:1E:C7:7C:51:65:4E:A2:D3:5F:BB:
39:AE:5E:FA:B5:56:60:9D:B6:F1:A3:CB:74:4A:D8:E7:EE:4E:A3:C8:
8F:7C:84:21:4B:D5:7C:8E:86:46:D9:8E:1A:D7:B7:7F:AD:AC:B0:60:
67:98:3A:84:BB:59:99:3F:6F:B5:0F:DA:40:0D:BF:AC
sproot@matrix:~$
sproot@matrix:~$ sudo dmesg | grep -i cert
[ 1.745380] Loading compiled-in X.509 certificates
[ 1.769373] Loaded X.509 cert 'Debian Secure Boot CA:
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1'
[ 1.769384] Loaded X.509 cert 'Debian Secure Boot Signer: 00a7468def'
[ 1.769962] integrity: Loading X.509 certificate: UEFI:db
[ 1.769973] integrity: Loaded X.509 cert 'Dell Inc. UEFI DB:
5ddb772dc880660055ba0bc131886bb630a639e7'
[ 1.769973] integrity: Loading X.509 certificate: UEFI:db
[ 1.769986] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA
2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
[ 1.769986] integrity: Loading X.509 certificate: UEFI:db
[ 1.769998] integrity: Loaded X.509 cert 'Microsoft Windows Production
PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
[ 1.770445] integrity: Loading X.509 certificate: UEFI:MokListRT
[ 1.770583] integrity: Loaded X.509 cert 'Maxim S Medvedev:
ab18886f95065cfb3c990ef46d8e4613cbddc580'
[ 1.770583] integrity: Loading X.509 certificate: UEFI:MokListRT
[ 1.770723] integrity: Loaded X.509 cert 'Debian Secure Boot CA:
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1'
sproot@matrix:~$
sproot@matrix:~$ sudo mokutil -l
[key 1]
SHA1 Fingerprint:
10:ac:ba:24:7d:cb:23:b5:46:bf:2f:dc:d4:f5:e3:b6:18:a0:0b:43
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:01:6a:74:1b:3f:eb:2e:88:25:d3:33:2c:6e:1b:18:b3:00:7a:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Maxim S Medvedev
Validity
Not Before: Nov 20 00:18:34 2019 GMT
Not After : Oct 27 00:18:34 2119 GMT
Subject: CN=Maxim S Medvedev
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:61:6f:38:58:b0:26:79:7f:af:e8:ba:28:8d:
bf:2e:43:36:15:f0:4f:f1:3a:fe:f4:8e:92:23:69:
56:da:07:90:45:83:58:f4:5a:df:7b:88:81:f9:87:
0e:a7:84:44:c8:a8:4d:9b:d5:9c:03:7c:2b:f9:7c:
ea:67:9b:c2:51:18:76:fc:21:92:ac:ce:30:f1:1a:
87:d9:fa:96:59:8e:86:3b:c7:a0:74:f8:c9:e0:16:
58:cd:92:73:d0:a2:a3:6e:59:53:83:c8:a8:c5:ae:
07:d4:e0:2d:b9:81:cf:c4:ad:cb:9c:99:74:53:71:
34:f9:e4:84:88:6c:85:17:3d:8d:19:72:1a:ab:0e:
81:5a:f4:4e:18:70:4a:0a:5d:ef:35:9f:53:3a:dc:
e3:14:41:8f:f5:02:87:3a:57:4b:89:03:33:c1:4e:
2b:99:be:13:9a:f7:a0:69:bd:23:40:2d:e9:e0:19:
20:7a:39:27:b2:51:cb:35:3e:f6:8a:c8:b2:98:cc:
4d:93:41:21:9f:5a:35:b0:d2:48:3c:41:46:fc:43:
d0:50:8f:ed:9c:e0:28:10:94:5d:39:e6:5e:6b:ab:
e4:f1:dd:e1:95:de:c0:1e:42:a6:11:d8:ad:4e:37:
8c:f9:d8:a9:a9:95:b2:ed:56:75:94:d9:6d:fb:24:
99:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:18:88:6F:95:06:5C:FB:3C:99:0E:F4:6D:8E:46:13:CB:DD:C5:80
X509v3 Authority Key Identifier:
keyid:AB:18:88:6F:95:06:5C:FB:3C:99:0E:F4:6D:8E:46:13:CB:DD:C5:80
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
ab:e9:f0:11:17:29:bc:7b:19:92:3d:09:03:91:b9:49:7e:eb:
a3:52:2e:fb:70:db:17:e8:de:c7:9b:8e:3a:c5:a2:fd:aa:99:
b0:4d:9d:a9:b6:f1:e6:dc:04:9b:c1:21:a6:7d:11:a3:d2:ac:
a1:16:3c:c6:6a:34:8b:72:9b:e4:e6:9a:cc:99:75:6d:aa:98:
01:06:6c:8f:54:12:3d:ef:fa:08:3b:3e:e7:36:9d:33:10:28:
fd:13:97:90:8b:4d:45:66:c3:57:a5:f2:0b:02:5e:ee:1e:37:
80:00:cc:15:6c:4b:87:8a:92:34:ba:6d:b7:7f:b7:2b:80:e1:
2b:8a:be:6e:ff:8b:b6:c0:98:df:95:b4:2d:f3:54:96:ae:99:
6d:e2:12:58:28:4c:df:a1:55:8b:da:7d:69:4a:25:f3:e2:0e:
09:c8:97:65:dc:37:c7:1d:ba:d7:ac:88:01:f1:7d:81:d6:8c:
a8:b4:87:9d:83:c2:7e:b9:96:49:a8:d6:7f:72:d9:ea:ca:53:
fa:a0:86:a4:c6:68:d7:ca:f5:e9:af:a0:ad:a6:84:a3:bb:e5:
01:08:ef:d1:81:dc:55:18:4c:bf:2b:04:43:69:47:85:67:ac:
ea:31:4e:c3:1f:56:8a:29:2b:7f:be:62:b0:fc:83:01:47:fb:
f3:1d:64:9a
[key 2]
SHA1 Fingerprint:
53:61:0c:f8:1f:bd:7e:0c:eb:67:91:3c:9e:f3:e7:94:a9:63:3e:cb
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ed:54:a1:d5:af:87:48:94:8d:9f:89:32:ee:9c:7c:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Debian Secure Boot CA
Validity
Not Before: Aug 16 18:09:18 2016 GMT
Not After : Aug 9 18:09:18 2046 GMT
Subject: CN=Debian Secure Boot CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:95:d4:8b:9b:da:10:ac:2e:ca:82:37:c1:a4:
cb:4a:c3:1b:42:93:c2:7a:29:d3:6e:dd:64:af:80:
af:ea:66:a2:1b:61:9c:83:0c:c5:6b:b9:35:25:ff:
c5:fb:e8:29:43:de:ce:4b:3d:c6:12:4d:b1:ef:26:
43:95:68:cd:04:11:fe:c2:24:9b:de:14:d8:86:51:
e8:38:43:bd:b1:9a:15:e5:08:6b:f8:54:50:8b:b3:
4b:5f:fc:14:e4:35:50:7c:0b:b1:e2:03:84:a8:36:
48:e4:80:e8:ea:9f:fa:bf:c5:18:7b:5e:ce:1c:be:
2c:80:78:49:35:15:c0:21:cf:ef:66:d5:8a:96:08:
2b:66:2f:48:17:b1:e7:ec:82:8f:07:e6:ca:e0:5f:
71:24:39:50:0a:8e:d1:72:28:50:a5:9d:21:f4:e3:
61:ba:09:03:66:c8:df:4e:26:36:0b:15:0f:63:1f:
2b:af:ab:c4:28:a2:56:64:85:8d:a6:55:41:ae:3c:
88:95:dd:d0:6d:d9:29:db:d8:c4:68:b5:fc:f4:57:
89:6b:14:db:e0:ef:ee:40:0d:62:1f:ea:58:d4:a3:
d8:ba:03:a6:97:2e:c5:6b:13:a4:91:77:a6:b5:ad:
23:a7:eb:0a:49:14:46:7c:76:e9:9e:32:b4:89:af:
57:79
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
CA Issuers - URI:https://dsa.debian.org/secure-boot-ca
X509v3 Authority Key Identifier:
keyid:6C:CE:CE:7E:4C:6C:0D:1F:61:49:F3:DD:27:DF:CC:5C:BB:41:9E:A1
Netscape Cert Type: critical
SSL Client, SSL Server, S/MIME, Object Signing, SSL CA,
S/MIME CA, Object Signing CA
X509v3 Extended Key Usage:
Code Signing
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
6C:CE:CE:7E:4C:6C:0D:1F:61:49:F3:DD:27:DF:CC:5C:BB:41:9E:A1
Signature Algorithm: sha256WithRSAEncryption
77:96:3e:47:c9:ce:09:cf:8b:89:ce:59:ed:26:0e:26:0b:b9:
ad:a9:2b:bd:a1:eb:88:79:02:ff:31:de:fe:f5:6a:07:ef:61:
13:11:70:1e:bf:9c:4e:66:6c:e1:62:12:97:01:57:65:47:dd:
4a:c6:f7:f4:de:a8:f1:13:62:cc:83:57:ac:3c:a6:91:15:af:
55:26:72:69:2e:14:cd:dd:4d:b3:d1:60:24:2d:32:4f:19:6c:
11:5e:f2:a3:f2:a1:5f:62:0f:30:ae:ad:f1:48:66:64:7d:36:
44:0d:06:34:3d:2e:af:8e:9d:c3:ad:c2:91:d8:37:e0:ee:7a:
5f:82:3b:67:8e:00:8a:c4:a4:df:35:16:c2:72:2b:4c:51:d7:
93:93:9e:ba:08:0d:59:97:f2:e2:29:a0:44:4d:ea:ee:f8:3e:
02:60:ca:15:cf:4e:9a:25:91:84:3f:b7:5a:c7:ee:bc:6b:80:
a3:d9:fd:b2:6d:7a:1e:63:14:eb:ef:f1:b0:40:25:d5:e8:0e:
81:eb:6b:f7:cb:ff:e5:21:00:22:2c:2e:9a:35:60:12:4b:5b:
5f:38:46:84:0c:06:9c:cf:72:93:62:18:ee:5c:98:d6:b3:7d:
06:25:39:95:df:4e:60:76:b0:06:7b:08:b0:6e:e3:64:9f:21:
56:ad:39:0f
sproot@matrix:~$
sproot@matrix:~$ mokutil --sb-state
SecureBoot enabled
SecureBoot validation is disabled in shim
sproot@matrix:~$
sproot@matrix:~$ sudo cat /proc/keys
004b4e6d I------ 2 perm 1f010000 0 0 blacklist
bin:6b1d138078e4418aa68deb7bb35e066092cf479eeb8ce4cd12e7d072ccb42f66
0096be45 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
0244ffe2 I--Q--- 7 perm 3f030000 0 0 keyring _ses: 1
028aaaa3 I------ 2 perm 1f010000 0 0 blacklist
bin:306628fa5477305728ba4a467de7d0387a54f569d3769fce5e75ec89d28d1593
0409752e I--Q--- 6 perm 3f030000 0 0 keyring _ses: 1
0451d49d I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
04581a59 I------ 2 perm 1f010000 0 0 blacklist
bin:b54f1ee636631fad68058d3b0937031ac1b90ccb17062a391cca68afdbe40d55
04d49860 I------ 2 perm 1f010000 0 0 blacklist
bin:0dc9f3fb99962148c3ca833632758d3ed4fc8d0b0007b95b31e6528f2acd5bfc
052e91e1 I------ 2 perm 1f010000 0 0 blacklist
bin:c5d9d8a186e2c82d09afaa2a6f7f2e73870d3e64f72c4e08ef67796a840f0fbd
0564875d I--Q--- 8 perm 3f1b0000 0 0 keyring
_ses.81b00d7e0cf12ef81c1f5692e74899db4222f3cdb80f6c50ef119ec47ca1458b: empty
057a5d00 I------ 2 perm 1f010000 0 0 blacklist
bin:18333429ff0562ed9f97033e1148dceee52dbe2e496d5410b5cfd6c864d2d10f
05923fb4 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
066cae5e I--Q--- 3 perm 3f030000 0 0 keyring _ses: 1
06cb225d I------ 2 perm 1f010000 0 0 blacklist
bin:d626157e1d6a718bc124ab8da27cbb65072ca03a7b6b257dbdcbbd60f65ef3d1
08196bcf I--Q--- 4 perm 3f1b0000 0 0 keyring
_ses.e749e9262f6079ff9e514601bde5da590bdf2e725caf9b7608108501b90e3c9a: empty
0832390d I--Q--- 3 perm 1f3f0000 0 65534 keyring _uid.0: empty
08ce9757 I------ 2 perm 1f010000 0 0 blacklist
bin:8ad64859f195b5f58dafaa940b6a6167acd67a886e8f469364177221c55945b9
08e5314a I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
0909077f I------ 2 perm 1f010000 0 0 blacklist
bin:c90f336617b8e7f983975413c997f10b73eb267fd8a10cb9e3bdbfc667abdb8b
0958480a I--Q--- 13 perm 3f030000 0 0 keyring _ses: 1
09d1a9c0 I------ 2 perm 1f010000 0 0 blacklist
bin:b97a0889059c035ff1d54b6db53b11b9766668d9f955247c028b2837d7a04cd9
0a36a7f2 I------ 2 perm 1f010000 0 0 blacklist
bin:55b99b0de53dbcfe485aa9c737cf3fb616ef3d91fab599aa7cab19eda763b5ba
0ae52e7f I------ 2 perm 1f010000 0 0 blacklist
bin:0d0dbeca6f29eca06f331a7d72e4884b12097fb348983a2a14a0d73f4f10140f
0be07dfe I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
0c5241ba I------ 2 perm 1f010000 0 0 blacklist
bin:ad6826e1946d26d3eaf3685c88d97d85de3b4dcb3d0ee2ae81c70560d13c5720
0d0de69c I------ 1 perm 1f0b0000 0 0 keyring .platform: 5
0d0ef6ae I--Q--- 3 perm 3f1b0000 0 0 keyring
_ses.f5bcd5d0e6d3453901d8d150642488b3d9f415c83154a81186842ac738adb00a: empty
0d3ee3d6 I------ 2 perm 1f010000 0 0 blacklist
bin:1aec84b84b6c65a51220a9be7181965230210d62d6d33c48999c6b295a2b0a06
0d8b3ee1 I------ 2 perm 1f010000 0 0 blacklist
bin:3b0287533e0cc3d0ec1aa823cbf0a941aad8721579d1c499802dd1c3a636b8a9
0dae42ec I------ 2 perm 1f010000 0 0 blacklist
bin:518831fe7382b514d03e15c621228b8ab65479bd0cbfa3c5c1d0f48d9c306135
0dd462b8 I------ 2 perm 1f010000 0 0 blacklist
bin:075eea060589548ba060b2feed10da3c20c7fe9b17cd026b94e8a683b8115238
0dda2ab9 I------ 2 perm 1f010000 0 0 blacklist
bin:47cc086127e2069a86e03a6bef2cd410f8c55a6d6bdb362168c31b2ce32a5adf
0e180e4e I------ 2 perm 1f010000 0 0 blacklist
bin:e92c22eb3b5642d65c1ec2caf247d2594738eebb7fb3841a44956f59e2b0d1fa
0e4f74de I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
0e9224dd I--Q--- 3 perm 3f030000 0 0 keyring _ses: 1
0eb44dba I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
0f1bdd09 I------ 2 perm 1f010000 0 0 blacklist
bin:fecfb232d12e994b6d485d2c7167728aa5525984ad5ca61e7516221f079a1436
0f81fef4 I------ 2 perm 1f010000 0 0 blacklist
bin:d063ec28f67eba53f1642dbf7dff33c6a32add869f6013fe162e2c32f1cbe56d
0f95f59b I------ 2 perm 1f010000 0 0 blacklist
bin:6f1428ff71c9db0ed5af1f2e7bbfcbab647cc265ddf5b293cdb626f50a3a785e
0fdae807 I------ 2 perm 1f010000 0 0 blacklist
bin:7827af99362cfaf0717dade4b1bfe0438ad171c15addc248b75bf8caa44bb2c5
103fd935 I------ 1 perm 1f030000 0 0 asymmetri Debian Secure
Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1: X509.rsa bb419ea1 []
10bcf083 I------ 2 perm 1f010000 0 0 blacklist
bin:2bbf2ca7b8f1d91f27ee52b6fb2a5dd049b85a2b9b529c5d6662068104b055f8
1154ed54 I------ 2 perm 1f010000 0 0 blacklist
bin:c83cb13922ad99f560744675dd37cc94dcad5a1fcba6472fee341171d939e884
116223dd I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
11907fba I------ 2 perm 1f010000 0 0 blacklist
bin:58fb941aef95a25943b3fb5f2510a0df3fe44c58c95e0ab80487297568ab9771
11c8dd42 I--Q--- 4 perm 3f1b0000 0 0 keyring
_ses.8dca7f883f323ae239a298c34dc3c96c748c5f3faf6ea162d269a42514ff20a2: empty
12d2799f I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
12fd73a3 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
1411bc2d I------ 2 perm 1f010000 0 0 blacklist
bin:0bbb4392daac7ab89b30a4ac657531b97bfaab04f90b0dafe5f9b6eb90a06374
149fc303 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
14eb748a I--Q--- 1 perm 1f3f0000 0 65534 keyring _uid_ses.0: 1
15510527 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
15f94a5f I------ 2 perm 1f010000 0 0 blacklist
bin:2e70916786a6f773511fa7181fab0f1d70b557c6322ea923b2a8d3b92b51af7d
163d55f9 I------ 2 perm 1f010000 0 0 blacklist
bin:c409bdac4775add8db92aa22b5b718fb8c94a1462c1fe9a416b95d8a3388c2fc
16dfda70 I------ 2 perm 1f010000 0 0 blacklist
bin:b8f078d983a24ac433216393883514cd932c33af18e7dd70884c8235f4275736
1706dbdc I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
178b70bf I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
18475043 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
1a0f5a1c I--Q--- 7 perm 3f030000 0 0 keyring _ses: 1
1a4d5a6e I------ 1 perm 1f010000 0 0 asymmetri Microsoft
Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53:
X509.rsa 7c55af53 []
1ac12d28 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
1ad96385 I------ 2 perm 1f010000 0 0 blacklist
bin:fe63a84f782cc9d3fcf2ccf9fc11fbd03760878758d26285ed12669bdc6e6d01
1b2a47fa I------ 1 perm 1f0b0000 0 0 keyring .blacklist: 77
1b2a7f77 I------ 2 perm 1f010000 0 0 blacklist
bin:90fbe70e69d633408d3e170c6832dbb2d209e0272527dfb63d49d29572a6f44c
1bc3b428 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
1bcc4add I------ 2 perm 1f010000 0 0 blacklist
bin:aeebae3151271273ed95aa2e671139ed31a98567303a332298f83709a9d55aa1
1cae0e26 I------ 2 perm 1f010000 0 0 blacklist
bin:d8cbeb9735f5672b367e4f96cdc74969615d17074ae96c724d42ce0216f8f3fa
1cbe2b79 I------ 2 perm 1f010000 0 0 blacklist
bin:8bf434b49e00ccf71502a2cd900865cb01ec3b3da03c35be505fdf7bd563f521
1cd21ccc I------ 2 perm 1f010000 0 0 blacklist
bin:2b99cf26422e92fe365fbf4bc30d27086c9ee14b7a6fff44fb2f6b9001699939
1d3ab3df I------ 2 perm 1f010000 0 0 blacklist
bin:81a8b965bb84d3876b9429a95481cc955318cfaa1412d808c8a33bfd33fff0e4
1e38cf6d I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
1e4c2fba I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
1e75ed2a I------ 1 perm 1f010000 0 0 asymmetri Dell Inc. UEFI
DB: 5ddb772dc880660055ba0bc131886bb630a639e7: X509.rsa 30a639e7 []
1e7faabb I------ 2 perm 1f010000 0 0 blacklist
bin:3fce9b9fdf3ef09d5452b0f95ee481c2b7f06d743a737971558e70136ace3e73
1f876db3 I--Q--- 3 perm 3f030000 0 0 keyring _ses: 1
1f8edad8 I------ 2 perm 1f010000 0 0 blacklist
bin:106faceacfecfd4e303b74f480a08098e2d0802b936f8ec774ce21f31686689c
1fa8cbe2 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
1ff188ce I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
1ff1e0ca I------ 1 perm 1f030000 0 0 asymmetri Debian Secure
Boot Signer: 00a7468def: X509.rsa []
2179a145 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
229ae4e4 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
23622b03 I------ 2 perm 1f010000 0 0 blacklist
bin:c617c1a8b1ee2a811c28b5a81b4c83d7c98b5b0c27281d610207ebe692c2967f
242c7376 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
24de2f47 I--Q--- 6 perm 3f030000 0 0 keyring _ses: 1
2533e558 I--Q--- 8 perm 3f1b0000 0 0 keyring
_ses.32345d4f8db8c7074ca00aef36432e4828039f20a135a0b4af5a39222a1c1ec3: empty
25765714 I------ 2 perm 1f010000 0 0 blacklist
bin:82db3bceb4f60843ce9d97c3d187cd9b5941cd3de8100e586f2bda5637575f67
25bb201c I------ 2 perm 1f010000 0 0 blacklist
bin:29c6eb52b43c3aa18b2cd8ed6ea8607cef3cfae1bafe1165755cf2e614844a44
26a60c7d I------ 2 perm 1f010000 0 0 blacklist
bin:07e6c6a858646fb1efc67903fe28b116011f2367fe92e6be2b36999eff39d09e
27615cd0 I------ 2 perm 1f010000 0 0 blacklist
bin:77dd190fa30d88ff5e3b011a0ae61e6209780c130b535ecb87e6f0888a0b6b2f
278ee258 I------ 2 perm 1f010000 0 0 blacklist
bin:71f2906fd222497e54a34662ab2497fcc81020770ff51368e9e3d9bfcbfd6375
27b27089 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
2800f856 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
28994eb5 I------ 2 perm 1f010000 0 0 blacklist
bin:09df5f4e511208ec78b96d12d08125fdb603868de39f6f72927852599b659c26
28a38773 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
293033da I------ 2 perm 1f010000 0 0 blacklist
bin:afe2030afb7d2cda13f9fa333a02e34f6751afec11b010dbcd441fdf4c4002b3
2930713b I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
2993c3e9 I--Q--- 4 perm 3f030000 0 0 keyring _ses: 1
29d003d3 I------ 2 perm 1f010000 0 0 blacklist
bin:80b4d96931bf0d02fd91a61e19d14f1da452e66db2408ca8604d411f92659f0a
29d3b6de I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
2a04c2b0 I------ 2 perm 1f010000 0 0 blacklist
bin:f52f83a3fa9cfbd6920f722824dbe4034534d25b8507246b3b957dac6e1bce7a
2b51c1df I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
2b902ddb I--Q--- 12 perm 3f030000 0 0 keyring _ses: 1
2d48d677 I------ 2 perm 1f010000 0 0 blacklist
bin:ce3bfabe59d67ce8ac8dfd4a16f7c43ef9c224513fbc655957d735fa29f540ce
2d599ef4 I------ 2 perm 1f010000 0 0 blacklist
bin:e6ca68e94146629af03f69c2f86e6bef62f930b37c6fbcc878b78df98c0334e5
2d6dac86 I------ 1 perm 1f010000 0 0 asymmetri Microsoft
Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4:
X509.rsa 988a1bd4 []
2df6994f I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
2ef05a84 I------ 2 perm 1f010000 0 0 blacklist
bin:c3a99a460da464a057c3586d83cef5f4ae08b7103979ed8932742df0ed530c66
2f07e52b I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
2f33af1a I------ 2 perm 1f010000 0 0 blacklist
bin:64575bd912789a2e14ad56f6341f52af6bf80cf94400785975e9f04e2d64d745
2f93b224 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
2fe9d99a I------ 2 perm 1f010000 0 0 blacklist
bin:363384d14d1f2e0b7815626484c459ad57a318ef4396266048d058c5a19bbf76
309f619a I------ 2 perm 1f010000 0 0 blacklist
bin:fddd6e3d29ea84c7743dad4a1bdbc700b5fec1b391f932409086acc71dd6dbd8
30fea07c I------ 2 perm 1f010000 0 0 blacklist
bin:5ae949ea8855eb93e439dbc65bda2e42852c2fdf6789fa146736e3c3410f2b5c
3165fa0c I------ 2 perm 1f010000 0 0 blacklist
bin:174e3a0b5b43c6a607bbd3404f05341e3dcf396267ce94f8b50e2e23a9da920c
31e6f557 I------ 2 perm 1f010000 0 0 blacklist
bin:cb6b858b40d3a098765815b592c1514a49604fafd60819da88d7a76e9778fef7
32049ec2 I------ 1 perm 1f010000 0 0 asymmetri Debian Secure
Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1: X509.rsa bb419ea1 []
3228081a I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
32fa7713 I------ 2 perm 1f010000 0 0 blacklist
bin:a6b5151f3655d3a2af0d472759796be4a4200e5495a7d869754c4848857408a7
332f2b9a I--Q--- 1 perm 3f030000 0 0 keyring _ses: 2
338e0751 I------ 1 perm 1f0b0000 0 0 keyring
.builtin_trusted_keys: 2
34d65cfe I------ 2 perm 1f010000 0 0 blacklist
bin:5391c3a2fb112102a6aa1edc25ae77e19f5d6f09cd09eeb2509922bfcd5992ea
358a1b3b I------ 2 perm 1f010000 0 0 blacklist
bin:bc87a668e81966489cb508ee805183c19e6acd24cf17799ca062d2e384da0ea7
3591f4b2 I------ 2 perm 1f010000 0 0 blacklist
bin:ca171d614a8d7e121c93948cd0fe55d39981f9d11aa96e03450a415227c2c65b
366b076a I------ 2 perm 1f010000 0 0 blacklist
bin:3608edbaf5ad0f41a414a1777abf2faf5e670334675ec3995e6935829e0caad2
37aeba5c I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
37f3a097 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
38a3fd78 I------ 2 perm 1f010000 0 0 blacklist
bin:0c189339762df336ab3dd006a463df715a39cfb0f492465c600e6c6bd7bd898c
38afb909 I--Q--- 3 perm 3f030000 0 0 keyring _ses: 1
38e90534 I------ 2 perm 1f010000 0 0 blacklist
bin:895a9785f617ca1d7ed44fc1a1470b71f3f1223862d9ff9dcc3ae2df92163daf
390985df I------ 2 perm 1f010000 0 0 blacklist
bin:9e4a69173161682e55fde8fef560eb88ec1ffedcaf04001f66c0caf707b2b734
3914c7da I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
3924dd1a I------ 2 perm 1f010000 0 0 blacklist
bin:2c73d93325ba6dcbe589d4a4c63c5b935559ef92fbf050ed50c4e2085206f17d
397b948a I------ 2 perm 1f010000 0 0 blacklist
bin:8d8ea289cfe70a1c07ab7365cb28ee51edd33cf2506de888fbadd60ebf80481c
397ca6a8 I------ 2 perm 1f010000 0 0 blacklist
bin:72e0bd1867cf5d9d56ab158adf3bddbc82bf32a8d8aa1d8c5e2f6df29428d6d8
39a72db1 I--Q--- 180 perm 3f030000 0 0 keyring _ses: 1
3a53eb48 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
3a545602 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
3ab85866 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
3afaeeab I------ 2 perm 1f010000 0 0 blacklist
bin:939aeef4f5fa51e23340c3f2e49048ce8872526afdf752c3a7f3a3f2bc9f6049
3afd2148 I------ 2 perm 1f010000 0 0 blacklist
bin:6c8854478dd559e29351b826c06cb8bfef2b94ad3538358772d193f82ed1ca11
3bb06d11 I------ 2 perm 1f010000 0 0 blacklist
bin:3841d221368d1583d75c0a02e62160394d6c4e0a6760b6f607b90362bc855b02
3c516527 I------ 2 perm 1f010000 0 0 blacklist
bin:726b3eb654046a30f3f83d9b96ce03f670e9a806d1708a0371e62dc49d2c23c1
3c6cd85a I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
3c7ff505 I------ 2 perm 1f010000 0 0 blacklist
bin:4397daca839e7f63077cb50c92df43bc2d2fb2a8f59f26fc7a0e4bd4d9751692
3cba6bc8 I------ 1 perm 1f010000 0 0 asymmetri Maxim S
Medvedev: ab18886f95065cfb3c990ef46d8e4613cbddc580: X509.rsa cbddc580 []
3cbca938 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
3cdbcfd9 I------ 2 perm 1f010000 0 0 blacklist
bin:45c7c8ae750acfbb48fc37527d6412dd644daed8913ccd8a24c94d856967df8e
3e121b26 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
3e32b515 I------ 2 perm 1f010000 0 0 blacklist
bin:9998d363c491be16bd74ba10b94d9291001611736fdca643a36664bc0f315a42
3e649360 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
3e8c425b I--Q--- 4 perm 3f030000 0 0 keyring _ses: 1
3f8d0985 I------ 2 perm 1f010000 0 0 blacklist
bin:a7f32f508d4eb0fead9a087ef94ed1ba0aec5de6f7ef6ff0a62b93bedf5d458d
sproot@matrix:~$
sproot@matrix:~$ sudo inxi -Fxz
System: Host: matrix Kernel: 5.2.0-0.bpo.3-amd64 x86_64 bits: 64
compiler: gcc v: 8.3.0 Desktop: Xfce 4.12.4
Distro: Debian GNU/Linux 10 (buster)
Machine: Type: Laptop System: Dell product: Vostro 5370 v: N/A serial:
<filter>
Mobo: Dell model: 08X87Y v: A00 serial: <filter> UEFI: Dell v:
1.10.0 date: 11/12/2018
Battery: ID-1: BAT0 charge: 33.0 Wh condition: 34.6/38.0 Wh (91%) model:
SMP DELL 39DY56B status: Charging
CPU: Topology: Quad Core model: Intel Core i5-8250U bits: 64 type: MT
MCP arch: Kaby Lake rev: A L2 cache: 6144 KiB
flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips:
28800
Speed: 900 MHz min/max: 400/3400 MHz Core speeds (MHz): 1: 829
2: 869 3: 812 4: 839 5: 827 6: 803 7: 847 8: 823
Graphics: Device-1: Intel UHD Graphics 620 vendor: Dell driver: i915 v:
kernel bus ID: 00:02.0
Display: server: X.Org 1.20.4 driver: intel resolution:
1920x1080~60Hz
OpenGL: renderer: Mesa DRI Intel UHD Graphics 620 (Kabylake GT2)
v: 4.5 Mesa 18.3.6 direct render: Yes
Audio: Device-1: Intel Sunrise Point-LP HD Audio vendor: Dell driver:
snd_hda_intel v: kernel bus ID: 00:1f.3
Sound Server: ALSA v: k5.2.0-0.bpo.3-amd64
Network: Device-1: Intel Wireless 3165 driver: iwlwifi v: kernel port:
f040 bus ID: 01:00.0
IF: wlp1s0 state: up mac: <filter>
IF-ID-1: br-bb7f789cc281 state: up speed: N/A duplex: N/A mac:
<filter>
IF-ID-2: br-ed81099940a3 state: up speed: N/A duplex: N/A mac:
<filter>
IF-ID-3: docker0 state: down mac: <filter>
IF-ID-4: veth530ccea state: up speed: 10000 Mbps duplex: full
mac: <filter>
IF-ID-5: veth6371ad8 state: up speed: 10000 Mbps duplex: full
mac: <filter>
IF-ID-6: veth9a447fd state: up speed: 10000 Mbps duplex: full
mac: <filter>
IF-ID-7: veth9ef5c9b state: up speed: 10000 Mbps duplex: full
mac: <filter>
IF-ID-8: vethd60c9d8 state: up speed: 10000 Mbps duplex: full
mac: <filter>
IF-ID-9: virbr0 state: down mac: <filter>
IF-ID-10: virbr0-nic state: down mac: <filter>
Drives: Local Storage: total: 238.47 GiB used: 108.65 GiB (45.6%)
ID-1: /dev/nvme0n1 vendor: SK Hynix model: BC501 NVMe 256GB
size: 238.47 GiB
Partition: ID-1: / size: 217.29 GiB used: 54.26 GiB (25.0%) fs: ext4 dev:
/dev/dm-1
ID-2: /boot size: 236.3 MiB used: 115.9 MiB (49.1%) fs: ext2
dev: /dev/nvme0n1p2
ID-3: swap-1 size: 15.90 GiB used: 0 KiB (0.0%) fs: swap dev:
/dev/dm-2
Sensors: System Temperatures: cpu: 42.0 C mobo: 39.0 C sodimm: 39.0 C
Fan Speeds (RPM): cpu: 0
Info: Processes: 260 Uptime: 3h 30m Memory: 15.63 GiB used: 3.20 GiB
(20.5%) Init: systemd runlevel: 5 Compilers:
gcc: 8.3.0 Shell: bash v: 5.0.3 inxi: 3.0.32
sproot@matrix:~$
sproot@matrix:~$ sudo cat ~root/create_uefi_cert.sh
#!/bin/bash
out_dir='/root/module-signing'
mkdir ${out_dir}
openssl \
req \
-new \
-x509 \
-newkey \
rsa:2048 \
-keyout ${out_dir}/MOK.priv \
-outform DER \
-out ${out_dir}/MOK.der \
-days 36500 \
-subj "/CN=Maxim S Medvedev/" \
-nodes
chmod 600 ${out_dir}/MOK*
sproot@matrix:~$
sproot@matrix:~$
sproot@matrix:~$ sudo cat ~root/sign_vmware.sh
#!/bin/bash
readonly hash_algo='sha256'
readonly key='/root/module-signing/MOK.priv'
readonly x509='/root/module-signing/MOK.der'
readonly name="$(basename $0)"
# The exact location of `sign-file` might vary depending on your platform.
sign_util="/usr/lib/linux-kbuild-5.2/scripts/sign-file"
#[ -z "${KBUILD_SIGN_PIN}" ] && echo -n "Passphrase for ${key}: " && read
-s KBUILD_SIGN_PIN
#export KBUILD_SIGN_PIN
for module in $(dirname $(modinfo -n vmmon))/*.ko; do
#for module in $(ls ./test_kernel_module/*.ko); do
echo "Signing ${module}..."
${sign_util} "${hash_algo}" "${key}" "${x509}" "${module}"
done
sproot@matrix:~$
--
Best regards,
Maxim Medvedev
--
Best regards,
Maxim Medvedev
