====== Secure Boot and Out of Tree Linux Kernel Drivers ======

If **UEFI Secure Boot** is enabled, the boot loader, the Linux kernel, and all kernel modules must be signed with a private key and authenticated with the corresponding public key.

A certificate is called ''**Machine Owner Key** (MOK)'', and the keys can be maintained using the **''mokutil''** program.

Sources:

  * **SecureBoot - Debian Wiki**\\
    [[https://wiki.debian.org/SecureBoot]]

  * **Working with Kernel Modules** (Fedora User Docs)\\
    [[https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/kernel-module-driver-configuration/Working_with_Kernel_Modules/]]

  * **How to sign things for Secure Boot** (Ubuntu Blog)\\
    [[https://ubuntu.com/blog/how-to-sign-things-for-secure-boot]]


\\
For additional info, search for **''secure boot and out of tree kernel drivers''**.

----

 --- //Martin Burnicki [[martin.burnicki@burnicki.net]], last updated 2022-01-19//