mint (ubuntu) kernel Signing

Jason A. Donenfeld Jason at
Sat Feb 11 10:14:37 CET 2017

Hey John,

Indeed if you have a secure-boot enabled kernel, you need to sign your
kernel modules before they can be inserted. One option is just to
disable secureboot and then restart:

sudo apt install mokutil
sudo mokutil --disable-validation

But if you'd like to retain the security of secureboot, then you can
add your own signing key to UEFI and sign the kernel module with it.
You can follow basically the same process as described in this
Except you sign wireguard.ko in the end.

Let me know if you have trouble or require more explanation. If this
becomes a real sore point, I'll write some WireGuard-specific
documentation or even write some automated scripts. But I'd be
interested in your feedback first on the above.


More information about the WireGuard mailing list