emacs/var/elfeed/db/data/0d/0d167f26c8925473c1a6e5dc874467264940c175

<!-- SC_OFF --><div class="md"><p>I use <code>linux-xanmod-anbox</code> kernel. It seems this kernel hasn&#39;t been signed. </p> <p>Following <a href="https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Signing_EFI_binaries">https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Signing_EFI_binaries</a>, I could sign the kernel by</p> <p><code> sbsign --key db.key --cert db.crt --output /boot/initramfs-linux-xanmod-anbox.img /boot/initramfs-linux-xanmod-anbox.img </code></p> <p>But where to obtian <code>db.key</code> and <code>db.crt</code> files?</p> <p>I have signed <code>refind</code> by <code>PreLoader</code>.</p> <p>Cheers (:</p> <p>Edit:</p> <p>Well, thanks to <a href="/u/K900_">u/K900_</a> I got those files generated by <code>openssl</code>. I could sign the kernel, but unfortunately, it didn&#39;t boot as it showed it was failed to verify.</p> <p>Anyway, <code>refind</code>&#39;s has built-in <code>HashTool</code>, just had to enable by <code> showtools shutdown,reboot,mok_tool,firmware </code></p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/mishab_mizzunet"> /u/mishab_mizzunet </a> <br/> <span><a href="https://www.reddit.com/r/archlinux/comments/rabuue/how_to_sign_kernel_for_secure_boot/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/archlinux/comments/rabuue/how_to_sign_kernel_for_secure_boot/">[comments]</a></span>