signature=480ed9b4309c4160d73ee6155654c6c4,fedora 23 secure boot UEFI主板安装virtualbox 内核 签证问题...

执行脚本如下

f5eb4426879d9c4b4b2deb15679e0746.pngsign.sh.txt

[16:47 t ~]$ cd 下载/

[16:47 t ~/下载]$ ls

module-signing.txt                                              VirtualBox-4.3-4.3.36_105129_fedora18-1.x86_64.rpm

Oracle_VM_VirtualBox_Extension_Pack-4.3.36-105129.vbox-extpack  VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64.rpm

Oracle_VM_VirtualBox_Extension_Pack-5.0.18-106667.vbox-extpack  wine-qqintl.zip

scrt-7.3.7.1034.rhel6-64.tar.gz                                 yEd-3.15.0.2_64-bit_setup.sh

[16:47 t ~/下载]$ sudo dnf install VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64.rpm

上次元数据过期检查:1:17:21 前,执行于 Wed Apr 20 15:30:30 2016。

依赖关系解决。

========================================================================================================================

Package                     架构                版本                                   仓库                       大小

========================================================================================================================

安装:

VirtualBox-5.0              x86_64              5.0.18_106667_fedora22-1               @commandline               67 M

compat-libvpx1              x86_64              1.3.0-3.fc23                           fedora                    497 k

事务概要

========================================================================================================================

安装  2 软件包

总计:67 M

总下载:497 k

安装大小:151 M

确定吗?[y/N]: y

下载软件包:

compat-libvpx1-1.3.0-3.fc23.x86_64.rpm                                                  1.4 MB/s | 497 kB     00:00

------------------------------------------------------------------------------------------------------------------------

总计                                                                                    178 kB/s | 497 kB     00:02

运行事务检查

事务检查成功。

运行事务测试

事务测试成功。

运行事务

安装: compat-libvpx1-1.3.0-3.fc23.x86_64                                                                          1/2

安装: VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64                                                              2/2

Creating group 'vboxusers'. VM users must be member of that group!

No precompiled module for this kernel found -- trying to build one. Messages

emitted during module compilation will be logged to /var/log/vbox-install.log.

Stopping VirtualBox kernel modules [  确定  ]

Uninstalling old VirtualBox DKMS kernel modules [  确定  ]

Trying to register the VirtualBox kernel modules using DKMS [  确定  ]

Starting VirtualBox kernel modules [失败]

(modprobe vboxdrv failed. Please use 'dmesg' to find out why)

验证: VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64                                                              1/2

验证: compat-libvpx1-1.3.0-3.fc23.x86_64                                                                          2/2

已安装:

VirtualBox-5.0.x86_64 5.0.18_106667_fedora22-1                   compat-libvpx1.x86_64 1.3.0-3.fc23

完毕!

[16:58 t ~]$ mkdir -p ~/vbox/x509

[16:58 t ~]$ cd vbox/x509/

[16:58 t ~/vbox/x509]$ cat << EOF > configuration_file.config

[ req ]

default_bits = 4096

distinguished_name = req_distinguished_name

prompt = no

string_mask = utf8only

x509_extensions = myexts

[ req_distinguished_name ]

O = Organization        #这里修改成自己的信息,也可以不修改

CN = Organization signing key    #这里修改成自己的信息,也可以不修改

emailAddress = E-mail address    #这里修改成自己的信息,也可以不修改

[ myexts ]

basicConstraints=critical,CA:FALSE

keyUsage=digitalSignature

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid

EOF

[16:58 t ~/vbox/x509]$ openssl req -x509 -new -nodes -utf8 -sha256 -days 36500 -batch -config configuration_file.config -outform DER -out public_key.der -keyout private_key.priv

[16:58 t ~/vbox/x509]$ sudo keyctl list %:.system_keyring #下面是我当前系统默认的7个证书

[sudo] t 的密码:

8 keys in keyring:

1041839568: ---lswrv     0     0 asymmetric: ASUSTeK MotherBoard SW Key Certificate: da83b990422ebc8c441f8d8b039a65a2

55985921: ---lswrv     0     0 asymmetric: Fedora kernel signing key: 06621e12aa0ce1e3da1b2f45a9e29ccb25e22ccb

200044575: ---lswrv     0     0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42

862159181: ---lswrv     0     0 asymmetric: Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63

947543670: ---lswrv     0     0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53

1038841390: ---lswrv     0     0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4

469056896: ---lswrv     0     0 asymmetric: ASUSTeK Notebook SW Key Certificate: b8e581e4df77a5bb4282d5ccfc00c071

[16:58 t ~/vbox/x509]$ sudo mokutil --import public_key.der

#输入key密钥,等会重启后导入时会输入这个密码。

[16:58 t ~/vbox/x509]$ mokutil --list-new #这里显示要添加的key。

[key 1]

SHA1 Fingerprint: 01:cd:51:f6:de:3d:db:45:a6:f8:19:bd:a6:b5:e5:de:09:01:f8:84

Certificate:

Data:

Version: 3 (0x2)

Serial Number: 16061672967481245458 (0xdee686772d36bf12)

Signature Algorithm: sha256WithRSAEncryption

Issuer: O=Organization, CN=Organization signing key/emailAddress=E-mail address

Validity

Not Before: Apr 20 02:59:41 2016 GMT

Not After : Mar 27 02:59:41 2116 GMT

Subject: O=Organization, CN=Organization signing key/emailAddress=E-mail address

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

Public-Key: (4096 bit)

Modulus:

00:db:61:be:e0:b0:e6:59:31:75:64:66:b1:05:da:

76:2c:38:6e:a7:9f:93:a5:2c:5e:79:8b:02:f1:f6:

5f:ed:cb:f0:37:f2:01:ec:32:7c:39:06:6b:1e:c4:

c7:97:83:ef:90:40:a1:c4:f6:ec:40:d5:dd:d7:bb:

67:8a:c4:7d:46:1d:fd:c1:ea:f3:d3:7c:8c:5f:c5:

51:5c:17:57:bf:c8:fb:1d:c8:e2:9f:60:d5:dd:0c:

fd:34:bc:40:f4:46:91:a2:58:f7:9c:e4:7f:0c:03:

ba:fb:85:a0:77:a6:ce:cb:40:29:29:fb:78:7a:71:

4a:de:57:19:d3:5d:33:fb:87:f1:97:dd:ce:2c:08:

62:a7:e3:bb:18:29:54:ee:ce:66:18:e2:1e:c0:f4:

46:97:a2:89:09:84:0d:4c:c1:35:23:bb:af:73:14:

7c:25:af:25:be:b6:dd:33:3b:ad:9e:68:f1:9d:d0:

7c:e0:f2:3d:1d:4b:8c:3c:6f:7a:28:a0:71:6c:bc:

31:ad:15:e8:00:65:6a:ad:cf:2c:a8:3d:25:b2:f1:

09:4e:6d:20:45:3e:ed:92:51:1d:75:f9:28:2c:14:

08:f6:9a:22:1b:a3:6f:f3:56:77:87:a6:06:30:e6:

f5:d4:2e:1d:db:e8:20:1d:a0:e0:a1:25:69:62:11:

c4:5b:3c:23:ab:4d:2a:19:bc:b7:3d:de:d4:75:ab:

84:8f:c6:8c:2c:49:d7:fb:28:6e:17:b4:81:88:19:

8e:c9:c4:08:f8:9c:e4:89:b4:4b:fe:8d:17:ad:e2:

77:4a:fe:3f:66:13:80:98:0e:bf:b2:70:6b:a3:e3:

67:82:0e:e4:cd:fe:9b:a4:e1:e7:31:8c:bc:66:a6:

7d:d1:b2:4b:dc:54:75:5a:24:43:f0:e1:b3:22:ea:

88:c3:8e:23:89:be:f0:0b:83:a8:eb:cf:70:a9:cd:

f9:2e:b5:4a:30:95:b5:7a:49:b1:d0:32:63:00:07:

41:af:c9:b2:c5:b0:fb:35:3b:04:59:79:17:2e:9b:

12:9b:ee:3a:56:63:23:b7:71:f6:66:4f:29:5b:2b:

08:97:4e:c9:2a:93:f4:a2:65:ec:3b:94:b6:88:67:

89:fd:6b:9a:76:f7:e5:ca:3c:d5:a3:bd:c2:8d:83:

8b:df:a1:09:ec:cc:ff:83:a4:b9:10:2f:81:1a:1e:

d8:e5:9b:4f:6b:19:ca:9f:15:11:a7:1c:0e:7e:75:

03:a2:bb:26:7c:71:1d:69:69:ba:d9:5f:ba:ec:c1:

55:e9:51:9e:83:f8:1a:8e:23:f7:7b:4b:bc:a0:df:

e8:f0:e3:51:25:9f:b0:4c:f2:85:e9:83:d6:cb:96:

0c:a9:4f

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Basic Constraints: critical

CA:FALSE

X509v3 Key Usage:

Digital Signature

X509v3 Subject Key Identifier:

53:97:63:77:75:3F:4D:CF:D6:68:77:D5:3F:7A:97:36:A9:BE:C7:64

X509v3 Authority Key Identifier:

keyid:53:97:63:77:75:3F:4D:CF:D6:68:77:D5:3F:7A:97:36:A9:BE:C7:64

Signature Algorithm: sha256WithRSAEncryption

54:7f:3d:6a:5b:09:4a:ff:36:c6:2b:e0:07:5b:6d:3f:16:f9:

a7:ad:b0:a7:89:36:41:40:10:66:8a:51:51:7c:44:2c:9c:9d:

46:9d:7c:06:d9:65:0d:21:46:96:10:f4:87:dd:e4:8b:05:cc:

ca:57:9d:a7:e5:11:2f:aa:2a:f0:c3:d0:7a:9d:cd:33:0d:a3:

c9:8d:ff:11:43:5f:3b:5f:32:ca:9f:0f:54:d4:2f:79:4c:f9:

d7:bd:2f:f7:9c:34:7b:87:6a:72:c2:64:13:8d:92:cd:02:13:

81:3a:18:da:83:3b:87:a3:bb:f0:39:94:6a:0a:04:f5:b3:40:

37:17:c4:66:c8:73:21:c1:fa:ec:c6:ca:f0:af:ee:ad:ec:75:

3f:44:87:bf:dd:fb:ac:f8:72:44:38:93:2c:22:01:09:a6:81:

c9:da:59:ff:5e:c7:93:b9:7f:0e:88:2b:4b:a0:55:2c:5f:ba:

e7:53:83:e8:70:a0:09:37:75:63:64:47:e2:cc:7d:85:2b:1f:

57:b7:27:10:18:49:45:68:c2:4b:c7:43:47:33:7e:86:d5:61:

86:55:9f:2b:5b:82:0b:e5:09:5c:44:c5:1e:f0:a5:6f:4c:ad:

c9:d9:36:aa:e0:58:ea:70:6d:a3:1c:cb:71:2d:cc:37:69:1e:

16:b2:be:76:0a:89:d2:45:63:7d:c0:e2:d6:a1:c3:f3:2a:4d:

5c:fb:27:ae:60:78:ac:a4:8d:f9:ce:30:89:98:61:66:be:1f:

b6:2e:64:87:33:4b:a2:d5:fa:03:7c:c7:a9:e2:5b:3f:5f:e1:

b4:5e:b0:8f:bf:88:7b:0d:53:fd:9e:58:4d:ae:ee:77:9c:68:

3a:f4:eb:56:8c:37:10:4e:01:c5:fb:ab:46:09:c2:9b:2e:02:

08:24:22:a9:10:29:16:93:d7:9b:36:46:94:8b:d8:53:d9:f9:

ca:d0:be:44:c9:22:f0:ef:ae:fd:24:99:f0:9c:a9:63:ef:b4:

ba:c1:cc:c4:4f:95:0c:5b:61:fb:2e:2a:8a:7c:c6:61:7c:80:

fb:74:29:00:6b:bf:55:78:76:0e:a7:99:91:14:f6:4b:8e:7c:

fc:f0:11:03:e8:e6:88:e7:52:a4:b8:51:5c:dd:65:8e:4d:1b:

1d:4d:92:8c:63:d5:21:42:1e:91:62:c5:ab:5b:cc:63:9b:c5:

ab:69:a3:ef:13:f3:d1:a5:c4:0f:f9:74:73:4b:74:1c:3c:ac:

ee:cd:e7:af:dd:3a:26:77:03:d6:38:5b:f4:07:0d:7a:81:12:

5b:40:aa:c5:91:6d:f4:f2:9d:34:58:c6:51:12:37:9c:ff:45:

58:aa:27:7d:ad:84:db:e0

[17:17 t ~/vbox/x509]$ reboot

重启服务器后不要按任何键,启动后按照显示使用键盘上下键选择一步步导入证书。

[17:26 t ~/vbox/x509]$ sudo keyctl list %:.system_keyring

[sudo] t 的密码:

8 keys in keyring:

1041839568: ---lswrv     0     0 asymmetric: ASUSTeK MotherBoard SW Key Certificate: da83b990422ebc8c441f8d8b039a65a2

55985921: ---lswrv     0     0 asymmetric: Fedora kernel signing key: 06621e12aa0ce1e3da1b2f45a9e29ccb25e22ccb

200044575: ---lswrv     0     0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42

188041295: ---lswrv     0     0 asymmetric: Organization signing key: 53976377753f4dcfd66877d53f7a9736a9bec764    #这个是我们添加的证书

862159181: ---lswrv     0     0 asymmetric: Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63

947543670: ---lswrv     0     0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53

1038841390: ---lswrv     0     0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4

469056896: ---lswrv     0     0 asymmetric: ASUSTeK Notebook SW Key Certificate: b8e581e4df77a5bb4282d5ccfc00c071

[17:20 t ~/vbox/x509]$ uname -a

Linux localhost.localdomain 4.4.6-301.fc23.x86_64 #1 SMP Wed Mar 30 16:43:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

[17:20 t ~/vbox/x509]$ for mod in vboxpci vboxnetadp vboxnetflt vboxdrv;do sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha512 private_key.priv public_key.der `modinfo -n $mod`;done

[17:22 t ~/vbox/x509]$ hexdump -C $(modinfo -n vboxdrv) |tail -n5

000845b0  2d c3 66 78 53 d8 e6 ff  e9 00 00 02 00 00 00 00  |-.fxS...........|

000845c0  00 00 00 02 c9 7e 4d 6f  64 75 6c 65 20 73 69 67  |.....~Module sig|

000845d0  6e 61 74 75 72 65 20 61  70 70 65 6e 64 65 64 7e  |nature appended~|

000845e0  0a                                                |.|

000845e1

签证信息会附加到模块的最后,之前一直使用modinfo vboxdrv查看签证信息,在fedora23上这个已经不行了,签证完成后显示的信息与之前没有任何区别,所以走了不少弯路。

[17:25 t ~/vbox/x509]$ modprobe vboxdrv

1b77ce69b0f325ccba7398baf1ff64df.png

阅读(4256) | 评论(0) | 转发(0) |

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值