On 2021-11-20 09:48, Drew Parsons wrote:
...
I guess that reference to bss_file.c must be a clue, if not the
reference to the missing /root/dkms.key >
The 470.74/5.14.0-2 make.log in the error message shows no errors
itself, but the last line is
"Signing /var/lib/dkms/nvidia-current/470.74/build/nvidia.ko"
...
I created /root/mok.priv and /root/mok.der
The script I've been using to sign the modules manually is
...
/usr/lib/linux-kbuild-${kernel_version}/scripts/sign-file sha256
/root/mok.priv /root/mok.der $k
Thinking about it some more, looks like this is what's going on.
Following the instructions at https://wiki.debian.org/SecureBoot,
I've created mok.priv and mok.der, but there is no /root/dkms.key on my
system.
sign-file itself is working, and working with my MOK keys.
When dkms runs, it evidently triggers sign-file, invoking /root/dkms.key
I don't think I configured it to do that. I would have used mok.der (or
.priv) not dkms.key
So I see 2 questions here:
1) what is making the dkms scripts invoke sign-file ?
2) what is making them invoke sign-file with /root/dkms.key ?
i.e. where does dkms expect /root/dkms.key to come from?
