Ubuntu – How to sign kernel modules with sign-file

kernelvmware

I just installed Ubuntu 16.04 with secure boot and encountered the same vmware-error as described there:

modprobe: ERROR: could not insert 'vmnet': Required key not available.

One way to circumvent this problem is to disable the secure boot, but I don't want to do that. The other way is to sign the kernel modules by myself, following this very detailed thread. There is a tutorial on how to do that in RHEL and in fedora, but all of these solutions are relying on some script I cannot seem to find:

sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmmon)

Where do I find this sign-file script in Ubuntu?

Best Answer

On Ubuntu, that would be /usr/src/linux-headers-$(uname -r)/scripts/sign-file.

How did I figure that out? I did a search for sign-file:

dpkg -S sign-file

which told me which package provides this file (currently linux-headers-4.4.0-22-generic) and where it was installed, i.e. in /usr/src/linux-headers-4.4.0-22-generic/scripts/.

The uname -r part is just to keep the command independent from the currently-installed headers-generic package.

Related Solutions

Ubuntu – How to blacklist kernel modules

Note: blacklisting will not work for modules which are built into the kernel image (i.e. not loaded via a separate .ko file. The only way to disable such modules is via a kernel parameter (if available) or by recompiling the kernel.

Just open your /etc/modprobe.d/blacklist file and add drivername using following syntax:

blacklist driver-name

EDIT: In later versions since 12.10 (12.04?) the file is /etc/modprobe.d/blacklist.conf

Reboot your box and use lsmod command to show the status of modules in the Linux Kernel

Note: here driver-name is the name of your desired blacklist driver. For example, If you wanted to disable the NIC card driver, you can find the name of kernel driver for your LAN card by using the command lspci -v command in a terminal.
For Example my output was :

........
........ 
6:00.0 Ethernet controller: Broadcom Corporation NetLink BCM5906M Fast Ethernet PCI Express (rev 02)
    Subsystem: Lenovo Device 3861
    Flags: bus master, fast devsel, latency 0, IRQ 46
    Memory at b8000000 (64-bit, non-prefetchable) [size=64K]
    Expansion ROM at  [disabled]
    Capabilities: 
    Kernel driver in use: tg3
    Kernel modules: tg3
........
........

Here, I see the driver is tg3. so you need to write tg3(or your driver) in the place of driver-name.

Plenty of info can be found here.

Ubuntu – VMWare Kernel Modules will not compile or update on Ubuntu 12.04

VMWare is behind the times and the VMWare modules will not compile by default on kernel 3.2, which Ubuntu 12.04 uses.

Please use the patch available in this blog post, and then try to compile again.

I can confirm that the patch worked for me on both VMWare Player 4.x and Workstation 8.x on Ubuntu 12.04.

Best Answer

Related Solutions

Ubuntu – How to blacklist kernel modules

Ubuntu – VMWare Kernel Modules will not compile or update on Ubuntu 12.04

Related Question