[zfs-discuss] Signing the ZFS module in Fedora 27 with UEFI/Secure Boot

Matt Kelly canine.matt at gmail.com
Wed Apr 18 21:48:03 EDT 2018


Hello,

I'm having a little trouble signing my zfs module and I hoped someone on
the list might be able to help.

I sign the VirtualBox module using keys I generated, with the following
command:

# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./key.priv
./key.der $(modinfo -n vboxdrv)

It works fine and is generic enough that I should be able to do the same
thing with zfs. But attempting to do so fails. Checking modinfo -n zfs, I
see that the zfs kernel module exists as a compressed file -
/lib/modules/4.15.17-300.fc27.x86_64/extra/zfs.ko.xz (and that is the
correct current kernel version).

find / -name zfs.ko returns nothing, so this .xz file is the only zfs
module available. Fine, so I run xz --decompress zfs.ko.xz. It tells me
that the data is corrupt.

Modinfo zfs just returns the path to zfs.ko.xz and a modinfo error.

So I'm at a loss at this point. Disabling secure boot is not really an
option I want to consider. How am I supposed to sign a compressed module if
I can't decompress the file first? Or is it already signed with a key
available for me to download that I'm supposed to register?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.zfsonlinux.org/pipermail/zfs-discuss/attachments/20180419/646f4ee0/attachment.html>


More information about the zfs-discuss mailing list