I am on Ubuntu 16.04.1 LTS/32 bits (non uefi) with the kernel 4.4.0-59-generic and a non uefi (normal bios) motherboard. I want to recompile the kernel because I cannot load unsigned or self-signed modules (it is a bug in Ubuntu). Rod Smith recommended to recompile the kernel.
Which kernel parameter do I have to change? My list of parameters to change from y to n is:
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_ALL=y
CONFIG_MODULE_SIG_UEFI=y
CONFIG_MODULES_USE_ELF_REL=y
Are these kernel parameter changes reasonable and do I need more parameters?
============= update ===============================================
I have disabled the following 26 parameters:
CONFIG_SYSTEM_DATA_VERIFICATION=y
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_ALL=y
CONFIG_MODULE_SIG_UEFI=y
CONFIG_MODULE_SIG_SHA512=y
CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_EFI=y
CONFIG_EFI_STUB=y
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
CONFIG_ACPI_BGRT=y
CONFIG_FB_EFI=y
CONFIG_EFI_VARS=y
CONFIG_EFI_ESRT=y
CONFIG_EFI_VARS_PSTORE=m
CONFIG_EFI_RUNTIME_MAP=y
CONFIG_EFI_RUNTIME_WRAPPERS=y
CONFIG_EFI_TEST=m
CONFIG_EFIVAR_FS=y
CONFIG_EARLY_PRINTK_EFI=y
CONFIG_TRUSTED_KEYS=y
CONFIG_SIGNED_PE_FILE_VERIFICATION=y
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_UCS2_STRING=y
No comments:
Post a Comment