|
|
@@ -174,6 +174,24 @@ Rest assured, after you get over the initial hurdle of doing it for the first ti
|
|
|
You will not see it unless you look through your \sh|journalctl| .
|
|
|
See \ref{sec:helloworld} for details.
|
|
|
To have immediate access to this information, do all your work from the console.
|
|
|
+ \item SecureBoot.
|
|
|
+ Many contemporary computers are pre-configured with UEFI SecureBoot enabled.
|
|
|
+ It is a security standard that can make sure the device boots using only software that is trusted by original equipment manufacturer.
|
|
|
+ The default Linux kernel from some distributions have also enabled the SecureBoot.
|
|
|
+ For such distributions, the kernel module has to be signed with the security key or you would get the "\emph{ERROR: could not insert module}" when you insert your first hello world module:
|
|
|
+
|
|
|
+\begin{codebash}
|
|
|
+insmod ./hello-1.ko
|
|
|
+\end{codebash}
|
|
|
+ And then you can check further with \sh|dmesg| and see the following text:
|
|
|
+
|
|
|
+ \emph{Lockdown: insmod: unsigned module loading is restricted;
|
|
|
+ see man kernel lockdown.7}
|
|
|
+
|
|
|
+ If you got this message, the simplest way is to disable the UEFI SecureBoot from the PC/laptop boot menu to have your "hello-1" to be inserted.
|
|
|
+ Of course you can go through complicated steps to generate keys, install keys to your system, and finally sign your module to make it work.
|
|
|
+ However, this is not suitable for beginners.
|
|
|
+ You could read and follow the steps in \href{https://wiki.debian.org/SecureBoot}{SecureBoot} if you are interested.
|
|
|
\end{enumerate}
|
|
|
|
|
|
\section{Headers}
|
Iûnn Kiàn-îng