Custom Kernel want to secure boot with custom private key

Support for security such as Firewalls and securing linux
jack.lan
Posts: 2
Joined: 2018/12/06 09:06:37

Custom Kernel want to secure boot with custom private key

Post by jack.lan » 2018/12/06 09:48:51

OS: CentOS 7.5

I need some help.

My project needs secure boot with a custom key, so BIOS secure boot is enabled, and because I need to modify the kernel, I rebuilt the kernel source myself following the website below.

path: https://wiki.centos.org/zh-tw/HowTos/Custom_Kernel

But it can't boot because of an invalid signature when secure boot is enabled.

Even after searching for "secure boot" information on Google, I don't know what to do...

Does shim or bootx64.efi need to be signed? Add a private key or anything to the database?

Or do I need to modify kernel.spec?

Source13: centos-ca-secureboot.der
Source14: centossecureboot001.crt

Create a der and crt with a custom private key to replace these files?

I can't find more detailed official information about secure boot in CentOS 7.

The key security mechanism and secure boot are just like the language of another world. The information on the Internet is too fragmented, especially in Linux. I need some direction or help. :cry:

Can someone help?

kaplin.ae
Posts: 1
Joined: 2019/02/07 09:33:10

Re: Custom Kernel want to secure boot with custom private key

Post by kaplin.ae » 2019/02/07 09:50:58

I also need that information. It seems I figured out how I can create the centos-ca-secureboot.der certificate. But I need information on how I can generate centossecureboot001.crt for kernel and grub signing. Can anybody provide us with detailed information about how I can install Linux on UEFI hardware using a signed shim, grub and kernel? How can I sign it? I agree with jack.lan that the information on the Internet is too fragmented.

TrevorH
Forum Moderator
Posts: 24569
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Custom Kernel want to secure boot with custom private key

Post by TrevorH » 2019/02/08 09:47:43

CentOS is already secure boot enabled and does not require any modification.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke
