Ubuntu – How to sign kernel modules with sign-file


I just installed Ubuntu 16.04 with secure boot and encountered the same vmware-error as described there:

modprobe: ERROR: could not insert 'vmnet': Required key not available.

One way to circumvent this problem is to disable the secure boot, but I don't want to do that. The other way is to sign the kernel modules by myself, following this very detailed thread. There is a tutorial on how to do that in RHEL and in fedora, but all of these solutions are relying on some script I cannot seem to find:

sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmmon)

Where do I find this sign-file script in Ubuntu?

Related: https://github.com/bergwolf/rhel6/blob/master/Documentation/module-signing.txt and sign a module after kernel compilation.

Best Answer

On Ubuntu, that would be /usr/src/linux-headers-$(uname -r)/scripts/sign-file.

How did I figure that out? I did a search for sign-file:

dpkg -S sign-file

which told me which package provides this file (currently linux-headers-4.4.0-22-generic) and where it was installed, i.e. in /usr/src/linux-headers-4.4.0-22-generic/scripts/.

The uname -r part is just to keep the command independent from the currently-installed headers-generic package.

Related Question