Hi yamato, thank you! Good news, this time the fix is working and I was able to kdump in my secureboot system. So, I'll move on and change title/component/description of this LP to proceed with the SRU - I hope next kernel (after 4.15.0-97) will have the fix =)
In order to test the kernel, you must follow the below procedures (as root user):
[I assume you don't have the proposed pocket enabled in your system, if so please disable it before testing]
Extract it and you'll see a file uefi.crt in "control/" folder. You can use the following command to extract its .DER key:
openssl x509 -in uefi.crt -outform der -out cert.der
Finally, I'm running "mokutil --import cert.der" to enroll the certificate on shim. After that, you must reboot and you firmware should present you a MOK utility to enroll the key (OVMF does, I need to access through serial console when booting).
With all these steps, I was able to test successfully the kernel, and produced a kernel dump.
Cheers,
Hi yamato, thank you! Good news, this time the fix is working and I was able to kdump in my secureboot system. So, I'll move on and change title/component /description of this LP to proceed with the SRU - I hope next kernel (after 4.15.0-97) will have the fix =)
In order to test the kernel, you must follow the below procedures (as root user):
[I assume you don't have the proposed pocket enabled in your system, if so please disable it before testing]
add-apt-repository ppa:gpiccoli/ test1869672- 2 4.15.0- 97-generic linux-modules- 4.15.0- 97-generic linux-modules- extra-4. 15.0-97- generic
apt-get update
apt-get install linux-image-
Then, get the file: http:// ppa.launchpad. net/gpiccoli/ test1869672- 2/ubuntu/ dists/bionic/ main/signed/ linux-amd64/ 4.15.0- 97.98+TEST00000 00v20200423b3/ signed. tar.gz
Extract it and you'll see a file uefi.crt in "control/" folder. You can use the following command to extract its .DER key:
openssl x509 -in uefi.crt -outform der -out cert.der
Finally, I'm running "mokutil --import cert.der" to enroll the certificate on shim. After that, you must reboot and you firmware should present you a MOK utility to enroll the key (OVMF does, I need to access through serial console when booting).
With all these steps, I was able to test successfully the kernel, and produced a kernel dump.
Cheers,
Guilherme