
Kernel module signing problem when installing VirtualBox on a Fedora 23 Secure Boot UEFI motherboard

Views: 444  Source: admin  Published:

The commands that were run are as follows:


sign.sh.txt

[16:47 t ~]$ cd 下载/

[16:47 t ~/下载]$ l

module-signing.txt VirtualBox-4.3-4.3.36_105129_fedora18-1.x86_64.rpm

Oracle_VM_VirtualBox_Extension_Pack-4.3.36-105129.vbox-extpack VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64.rpm

Oracle_VM_VirtualBox_Extension_Pack-5.0.18-106667.vbox-extpack wine-qqintl.zi

crt-7.3.7.1034.rhel6-64.tar.gz yEd-3.15.0.2_64-bit_setup.sh

[16:47 t ~/下载]$ sudo dnf install VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64.rpm

上次元数据过期检查:1:17:21 前,执行于 Wed Apr 20 15:30:30 2016。

依赖关系解决。

========================================================================================================================

Package 架构 版本 仓库 大小

========================================================================================================================

安装:

VirtualBox-5.0 x86_64 5.0.18_106667_fedora22-1 @commandline 67 M

compat-libvpx1 x86_64 1.3.0-3.fc23 fedora 497 k

事务概要

========================================================================================================================

安装 2 软件包

总计:67 M

总下载:497 k

安装大小:151 M

确定吗?[y/N]: y

下载软件包:

compat-libvpx1-1.3.0-3.fc23.x86_64.rpm 1.4 MB/s | 497 kB 00:00

------------------------------------------------------------------------------------------------------------------------

总计 178 kB/s | 497 kB 00:02

运行事务检查

事务检查成功。

运行事务测试

事务测试成功。

运行事务

安装: compat-libvpx1-1.3.0-3.fc23.x86_64 1/2

安装: VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64 2/2

Creating group 'vboxusers'. VM users must be member of that group!

No precompiled module for this kernel found -- trying to build one. Message

emitted during module compilation will be logged to /var/log/vbox-install.log.

Stopping VirtualBox kernel modules [ 确定 ]

Uninstalling old VirtualBox DKMS kernel modules [ 确定 ]

Trying to register the VirtualBox kernel modules using DKMS [ 确定 ]

Starting VirtualBox kernel modules [失败]

(modprobe vboxdrv failed. Please use 'dmesg' to find out why)

验证: VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64 1/2

验证: compat-libvpx1-1.3.0-3.fc23.x86_64 2/2

已安装:

VirtualBox-5.0.x86_64 5.0.18_106667_fedora22-1 compat-libvpx1.x86_64 1.3.0-3.fc23

完毕!

[16:58 t ~]$ mkdir -p ~/vbox/x509

[16:58 t ~]$ cd vbox/x509/

[16:58 t ~/vbox/x509]$ cat configuration_file.config

[ req ]

default_bits = 4096

distinguished_name = req_distinguished_name

prompt = no

string_mask = utf8only

x509_extensions = myexts

[ req_distinguished_name ]

O = Organization # change this to your own details, or leave it unchanged

CN = Organization signing key # change this to your own details, or leave it unchanged

emailAddress = E-mail address # change this to your own details, or leave it unchanged

[ myexts ]

basicConstraints=critical,CA:FALSE

keyUsage=digitalSignature

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid

[16:58 t ~/vbox/x509]$ openssl req -x509 -new -nodes -utf8 -sha256 -days 36500 -batch -config configuration_file.config -outform DER -out public_key.der -keyout private_key.priv

[16:58 t ~/vbox/x509]$ sudo keyctl list %:.system_keyring # below are the 7 certificates present by default on my system

[sudo] t 的密码:

8 keys in keyring:

1041839568: ---lswrv 0 0 asymmetric: ASUSTeK MotherBoard SW Key Certificate: da83b990422ebc8c441f8d8b039a65a2

55985921: ---lswrv 0 0 asymmetric: Fedora kernel signing key: 06621e12aa0ce1e3da1b2f45a9e29ccb25e22cc

200044575: ---lswrv 0 0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42

862159181: ---lswrv 0 0 asymmetric: Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63

947543670: ---lswrv 0 0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53

1038841390: ---lswrv 0 0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4

469056896: ---lswrv 0 0 asymmetric: ASUSTeK Notebook SW Key Certificate: b8e581e4df77a5bb4282d5ccfc00c071

[16:58 t ~/vbox/x509]$ sudo mokutil --import public_key.der

# Enter a password for the key; you will enter this password again when importing the key after the reboot.

[16:58 t ~/vbox/x509]$ mokutil --list-new # this shows the key that is about to be added

[key 1]

SHA1 Fingerprint: 01:cd:51:f6:de:3d:db:45:a6:f8:19:bd:a6:b5:e5:de:09:01:f8:84

Certificate:

Data:

Version: 3 (0x2)

Serial Number: 16061672967481245458 (0xdee686772d36bf12)

Signature Algorithm: sha256WithRSAEncryption

Issuer: O=Organization, CN=Organization signing key/emailAddress=E-mail address

Validity

Not Before: Apr 20 02:59:41 2016 GMT

Not After : Mar 27 02:59:41 2116 GMT

Subject: O=Organization, CN=Organization signing key/emailAddress=E-mail address

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

Public-Key: (4096 bit)

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Basic Constraints: critical

CA:FALSE

X509v3 Key Usage:

Digital Signature

X509v3 Subject Key Identifier:

53:97:63:77:75:3F:4D:CF:D6:68:77:D5:3F:7A:97:36:A9:BE:C7:64

X509v3 Authority Key Identifier:

keyid:53:97:63:77:75:3F:4D:CF:D6:68:77:D5:3F:7A:97:36:A9:BE:C7:64

Signature Algorithm: sha256WithRSAEncryption

[17:17 t ~/vbox/x509]$ reboot

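After rebooting the machine, do not press any key; once it starts, follow the on-screen prompts and use the up and down arrow keys to import the certificate step by step.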

[17:26 t ~/vbox/x509]$ sudo keyctl list %:.system_keyring

[sudo] t 的密码:

8 keys in keyring:

1041839568: ---lswrv 0 0 asymmetric: ASUSTeK MotherBoard SW Key Certificate: da83b990422ebc8c441f8d8b039a65a2

55985921: ---lswrv 0 0 asymmetric: Fedora kernel signing key: 06621e12aa0ce1e3da1b2f45a9e29ccb25e22cc

200044575: ---lswrv 0 0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42

188041295: ---lswrv 0 0 asymmetric: Organization signing key: 53976377753f4dcfd66877d53f7a9736a9bec764 # this is the certificate we added

862159181: ---lswrv 0 0 asymmetric: Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63

947543670: ---lswrv 0 0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53

1038841390: ---lswrv 0 0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4

469056896: ---lswrv 0 0 asymmetric: ASUSTeK Notebook SW Key Certificate: b8e581e4df77a5bb4282d5ccfc00c071

[17:20 t ~/vbox/x509]$ uname -a

Linux localhost.localdomain 4.4.6-301.fc23.x86_64 #1 SMP Wed Mar 30 16:43:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

[17:20 t ~/vbox/x509]$ for mod in vboxpci vboxnetadp vboxnetflt vboxdrv;do sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha512 private_key.priv public_key.der `modinfo -n $mod`;done

[17:22 t ~/vbox/x509]$ hexdump -C $(modinfo -n vboxdrv) |tail -n5

000845b0 2d c3 66 78 53 d8 e6 ff e9 00 00 02 00 00 00 00 |-.fxS...........|

000845c0 00 00 00 02 c9 7e 4d 6f 64 75 6c 65 20 73 69 67 |.....~Module sig|

000845d0 6e 61 74 75 72 65 20 61 70 70 65 6e 64 65 64 7e |nature appended~|

000845e0 0a |.|

000845e1

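The signature information is appended to the end of the module. Previously I always used modinfo vboxdrv to view the signature information, but on Fedora 23 this no longer works: after signing, the output shows no difference from before, so I took quite a few detours.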
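
The appended trailer can be read directly rather than through modinfo. The script below is an added example, not part of the original post: the helper names modsig_info and make_sample are hypothetical, the 12-byte descriptor layout is the kernel's struct module_signature, and the sample file is constructed from the descriptor bytes visible in the hexdump above.

```shell
# Signed module layout: [module][signature][12-byte descriptor][magic + "\n"]
# Descriptor (struct module_signature): algo, hash, id_type, signer_len,
# key_id_len, 3 pad bytes, then the signature length as 4 bytes big-endian.
# id_type 2 is PKCS#7 in the kernel's enum pkey_id_type.
MODSIG_MAGIC='~Module signature appended~'

# Hex-encode stdin so binary tails can be compared safely as strings.
hex_of() { od -An -v -tx1 | tr -d ' \n'; }

# modsig_info FILE (hypothetical helper): prints "id_type=N sig_len=N" and
# returns 0 when a trailer is present, 1 when there is no trailer, and 2 when
# the trailer is inconsistent with the file size (truncated or corrupt).
modsig_info() {
    ms_file=$1
    ms_want=$(printf '%s\n' "$MODSIG_MAGIC" | hex_of)
    [ "$(tail -c 28 -- "$ms_file" | hex_of)" = "$ms_want" ] || return 1
    # The descriptor is the 12 bytes immediately before the magic string.
    set -- $(tail -c 40 -- "$ms_file" | od -An -v -tu1 -N 12)
    [ $# -eq 12 ] || return 2
    ms_len=$(( (($9 * 256 + ${10}) * 256 + ${11}) * 256 + ${12} ))
    ms_size=$(( $(wc -c < "$ms_file") ))
    # Signature plus the 40-byte trailer cannot exceed the file itself.
    [ $((ms_len + 40)) -le "$ms_size" ] || return 2
    echo "id_type=$3 sig_len=$ms_len"
}

# Constructed sample: 713 filler bytes standing in for the signature, then the
# descriptor bytes seen in the hexdump (00 00 02 ... 00 00 02 c9), then magic.
make_sample() {
    { dd if=/dev/zero bs=713 count=1 2>/dev/null
      printf '\000\000\002\000\000\000\000\000\000\000\002\311'
      printf '%s\n' "$MODSIG_MAGIC"; } > "$1"
}

# Usage: sh modsig.sh "$(modinfo -n vboxdrv)" "$(modinfo -n vboxnetflt)" ...
for ms_mod in "$@"; do
    if ms_out=$(modsig_info "$ms_mod"); then
        echo "$ms_mod: signature trailer present ($ms_out)"
    else
        echo "$ms_mod: no valid signature trailer"
    fi
done
```

A present trailer only shows that the module was signed; whether the kernel accepts it still depends on the signing certificate being in the keyring listed by keyctl above.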

[17:25 t ~/vbox/x509]$ modprobe vboxdrv
