mint (ubuntu) kernel Signing
Jason A. Donenfeld
Jason at zx2c4.com
Sat Feb 11 10:14:37 CET 2017
Hey John,
Indeed if you have a secure-boot enabled kernel, you need to sign your
kernel modules before they can be inserted. One option is just to
disable secureboot and then restart:
sudo apt install mokutil
sudo mokutil --disable-validation
But if you'd like to retain the security of secureboot, then you can
add your own signing key to UEFI and sign the kernel module with it.
You can follow basically the same process as described in this
article: http://www.pellegrino.link/2015/11/29/signing-nvidia-proprietary-driver-on-fedora.html
Except you sign wireguard.ko in the end.
Let me know if you have trouble or require more explanation. If this
becomes a real sore point, I'll write some WireGuard-specific
documentation or even write some automated scripts. But I'd be
interested in your feedback first on the above.
Thanks,
Jason
More information about the WireGuard
mailing list