Skip to content

Instantly share code, notes, and snippets.

@sbueringer
sbueringer / dkms-module-signing.md
Created Oct 16, 2019 — forked from dojoe/dkms-module-signing.md
Make DKMS sign kernel modules on installation, with full script support and somewhat distro independent
View dkms-module-signing.md

On systems with UEFI Secure Boot enabled, recent Linux kernels will only load signed modules, so it's about time DKMS grew the capability to sign modules it's building.

These scripts are extended and scriptified variants of https://computerlinguist.org/make-dkms-sign-kernel-modules-for-secure-boot-on-ubuntu-1604.html and https://askubuntu.com/questions/760671/could-not-load-vboxdrv-after-upgrade-to-ubuntu-16-04-and-i-want-to-keep-secur/768310#768310 and add some error checking, a passphrase around your signing key, and support for compressed modules.

dkms-sign-module is a wrapper for the more generic sign-modules which can also be used outside of DKMS.

Installation

  1. Create a directory under /root, say /root/module-signing, put the three scripts below in there and make them executable: chmod u+x one-time-setup sign-modules dkms-sign-module
@githubfoam
githubfoam / Mellanox OFED cheat sheet
Last active May 14, 2021
Mellanox OFED cheat sheet
View Mellanox OFED cheat sheet
--------------------------------------------------------------------------
# ofed_info -s
--------------------------------------------------------------------------
Find Mellanox Adapter Type and Firmware/Driver version
ConnectX-4 card
# lspci | grep Mellanox
0a:00.0 Network controller: Mellanox Technologies MT27500 Family [ConnectX-3]
# lspci -vv -s 0a:00.0 | grep "Part number" -A 3
# lspci | grep Mellanox | awk '{print $1}' | xargs -i -r mstvpd {}
View RDMA Cheat Sheet
RDMA verification
This work assumes there are two nodes to run iscsi target/initiator environment.
--------------------------------------------------------------------------------------------------------
Load the RDMA drivers using the following command line
/etc/init.d/openibd start
If one is using the InfiniBand transport and he doesn't have a managed switch in the subnet, he has to start the Subnet Manager (SM). Doing this in one of the machines in the subnet is enough, this can be done with the following command line
/etc/init.d/opensmd start
--------------------------------------------------------------------------------------------------------
Verify that traffic is working