You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: lkmpg.tex
+13-17Lines changed: 13 additions & 17 deletions
Original file line number
Diff line number
Diff line change
@@ -183,23 +183,19 @@ \subsection{Before We Begin}
183
183
Refer to \ref{sec:helloworld} for more information.
184
184
For instant access to this information, it is advisable to perform all tasks from the console.
185
185
\item SecureBoot.
186
-
Many contemporary computers are pre-configured with UEFI SecureBoot enabled.
187
-
It is a security standard that can make sure the device boots using only software that is trusted by original equipment manufacturer.
188
-
The default Linux kernel from some distributions have also enabled the SecureBoot.
189
-
For such distributions, the kernel module has to be signed with the security key or you would get the ``\emph{ERROR: could not insert module}'' when you insert your first hello world module:
190
-
191
-
\begin{codebash}
192
-
insmod ./hello-1.ko
193
-
\end{codebash}
194
-
And then you can check further with \sh|dmesg| and see the following text:
195
-
196
-
\emph{Lockdown: insmod: unsigned module loading is restricted;
197
-
see man kernel lockdown.7}
198
-
199
-
If you got this message, the simplest way is to disable the UEFI SecureBoot from the PC/laptop boot menu to have your ``hello-1'' to be inserted.
200
-
Of course you can go through complicated steps to generate keys, install keys to your system, and finally sign your module to make it work.
201
-
However, this is not suitable for beginners.
202
-
You could read and follow the steps in \href{https://wiki.debian.org/SecureBoot}{SecureBoot} if you are interested.
186
+
Numerous modern computers arrive pre-configured with UEFI SecureBoot enabled—an essential security standard ensuring booting exclusively through trusted software endorsed by the original equipment manufacturer.
187
+
Certain Linux distributions even ship with the default Linux kernel configured to support SecureBoot.
188
+
In these cases, the kernel module necessitates a signed security key.
189
+
190
+
Failing this, an attempt to insert your first ``hello world'' module would result in the message: ``\emph{ERROR: could not insert module}''.
191
+
If this message \emph{Lockdown: insmod: unsigned module loading is restricted;
192
+
see man kernel lockdown.7} appears in the \sh|dmesg| output,
193
+
the simplest approach involves disabling UEFI SecureBoot from the boot menu of your PC or laptop,
194
+
allowing the successful insertion of `hello world'' module.
195
+
Naturally, an alternative involves undergoing intricate procedures such as generating keys, system key installation,
196
+
and module signing to achieve functionality.
197
+
However, this intricate process is less appropriate for beginners. If interested,
198
+
more detailed steps for \href{https://wiki.debian.org/SecureBoot}{SecureBoot} can be explored and followed.
0 commit comments