Lilian Anatolie Moraru lilianmoraru

## dkms-module-signing.md

      
              4 files
            
          
              9 forks
            
          
              12 comments
            
          
              44 stars
            
          
                dojoe
                / dkms-module-signing.md
            
            
              Last active
              February 6, 2024 20:44
            
              
                Make DKMS sign kernel modules on installation, with full script support and somewhat distro independent
              
          
    On systems with UEFI Secure Boot enabled, recent Linux kernels will only load signed modules, so it's about time DKMS grew the capability to sign modules it's building.
These scripts are extended and scriptified variants of https://computerlinguist.org/make-dkms-sign-kernel-modules-for-secure-boot-on-ubuntu-1604.html and https://askubuntu.com/questions/760671/could-not-load-vboxdrv-after-upgrade-to-ubuntu-16-04-and-i-want-to-keep-secur/768310#768310 and add some error checking, a passphrase around your signing key, and support for compressed modules.
dkms-sign-module is a wrapper for the more generic sign-modules which can also be used outside of DKMS.
Installation


Create a directory under /root, say /root/module-signing, put the three scripts below in there and make them executable: chmod u+x one-time-setup sign-modules dkms-sign-module


## Looking into the Future.md

      
              1 file
            
          
              10 forks
            
          
              0 comments
            
          
              73 stars
            
          
                Diggsey
                / Looking into the Future.md
            
            
              Created
              October 1, 2017 11:19
            
          
    Looking into the Future

futures-rs is the library which will hopefully become a shared foundation for everything async in Rust. However it's already become renowned for having a steep learning curve, even for experienced Rustaceans.
I think one of the best ways to get comfortable with using a library is to look at how it works internally: often API design can seem bizarre or impenetrable and it's only when you put yourself in the shoes of the library author that you can really understand why it was designed that way.
In this post I'll try to put down on "paper" my understanding of how futures work and I'll aim to do it in a visual way. I'm going to assume you're already somewhat familiar with Rust and why futures are a useful tool to have at one's disposal.
For most of this post I'll be talking about how things work today (as of September 2017). At the end I'll touch on what's being proposed next and also make a case for some of the changes I'd like to see.
If you're interested in learning more ab

  
## create-efi-keys.sh
# VERY IMPORTANT! After each kernel update or dkms rebuild the modules must be signed again with the script
# ~/.ssl/sign-all-modules.sh

# Place all files in ~/.ssl folder
mkdir ~/.ssl
cd ~/.ssl

# Generate custom keys with openssl
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes  -subj "/CN=Owner/"
	# VERY IMPORTANT! After each kernel update or dkms rebuild the modules must be signed again with the script
	# ~/.ssl/sign-all-modules.sh

	# Place all files in ~/.ssl folder
	mkdir ~/.ssl
	cd ~/.ssl

	# Generate custom keys with openssl
	openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -subj "/CN=Owner/"