Secure Boot时,提示内核签名无效

Leave a reply

安装新内核后,若启用了Secure Boot,可能会提示内核签名无效,例如:

error: /boot/vmlinuz-5.3.0-7629-generic has invalid signature
error: you need to load the kernel first

此时有3个方案:

  1. 禁用Secure Boot
  2. 对证书签名,可以参考 https://askubuntu.com/questions/762254/why-do-i-get-required-key-not-available-when-install-3rd-party-kernel-modules
  3. 禁用DKMS内核验证,参考 https://wiki.ubuntu.com/UEFI/SecureBoot/DKMS中的方案2

附录:禁用DKMS

  1. Open a terminal (Ctrl + Alt + T), and execute sudo mokutil --disable-validation.

  2. Enter a temporary password between 8 to 16 digits. (For example, 12345678, we will use this password later
  3. Enter the same password again to confirm.
  4. Reboot the system and press any key when you see the blue screen (MOK management

align="left"

  1. Select Change Secure Boot state

align="left"

  1. Enter the password you had selected in Step 2 and press Enter.

align="left"

  1. Select Yes to disable Secure Boot in shim-signed.

align="left"

  1. Press Enter key to finish the whole procedure.

align="left"

To re-enable Secure Boot validation in shim, simply run sudo mokutil --enable-validation.

您可能也喜欢如下文章:

  1. Linux下编译安装MySQL 5.5.23
  2. Ubuntu安装新内核
  3. Ubuntu 10.10上编译安装LNMP:Nginx 0.8.54+MySQL 5.1.56+PHP-FPM 5.3.6
  4. [转]lighttpd配置webdav
  5. Hive UNION ALL报错Top level UNION is not supported currently

Leave a Reply

Your email address will not be published. Required fields are marked *