From 98a05c530c858de315c8b697a30fd64408cd59b1 Mon Sep 17 00:00:00 2001 From: morrownr Date: Fri, 30 Jun 2023 01:33:59 -0500 Subject: [PATCH] various updates --- FAQ.md | 42 ++++++++++++++++++++++++++++++++-- Makefile | 3 ++- README.md | 57 ++++++++++++++++++++++++++++++++++++++++++----- dkms-make.sh | 5 ++++- install-driver.sh | 27 +++++++++++++++------- 5 files changed, 116 insertions(+), 18 deletions(-) diff --git a/FAQ.md b/FAQ.md index 474b1ec..8297e9f 100644 --- a/FAQ.md +++ b/FAQ.md @@ -8,7 +8,7 @@ driver is installed but does not seem to be working. What is wrong? Answer: This question often comes up after installing the driver to a system that has Secure Boot on. To test if there is a Secure Boot related problem, turn secure boot off in the system BIOS and reboot. If the driver -works as expected after reboot, them the problem is likely related to +works as expected after reboot, then the problem is likely related to Secure Boot. What will increase my chances of having a sucessessful installation on a @@ -20,7 +20,7 @@ the easiest solution is likely to do a clean reinstallation with Secure Boot on. Ubuntu is used as the example but other distros should be similar to one -degree or another. During the installation there will be a box on one of +degree or another. During the installation there may be a box on one of installation pages that will appear if the installation program detects that Secure Boot is on. You will need to check the appropriate box and supply a password. You can use the same password that you use for the system @@ -44,6 +44,44 @@ https://wiki.debian.org/SecureBoot There is work underway to add Secure Boot support for systems that do not have `dkms` available or if a manual installation is desired. +If you are using a basic command line (non-dkms) installation, see the +following section in the Installation Steps part of the README: + +If you use the `install-driver.sh` script and see the following message + +`SecureBoot enabled - read FAQ about SecureBoot` + +You need to read the following: + +The MOK managerment screen will appear during boot: + +`Shim UEFI Key Management" + +`Press any key...` + +Select "Enroll key" + +Select "Continue" + +Select "Yes" + +When promted, enter the password you entered earlier. + +If you enter the wrong password, your computer will not be bootable. In +this case, use the BOOT menu from your BIOS to boot then as follows: + +``` +sudo mokutil --reset +``` + +Restart your computer and use the BOOT menu from BIOS to boot. In the MOK +managerment screen, select `reset MOK list`. Then Reboot and retry the +driver installation. + +Manual Installation Instructions + +It provides secure boot instructions. + ----- Question: Is WPA3 supported? diff --git a/Makefile b/Makefile index 8ddaf16..5a4e049 100644 --- a/Makefile +++ b/Makefile @@ -2538,7 +2538,7 @@ sign: @mokutil --import MOK.der @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der 88x2bu.ko -sign-install: all sign install +sign-install: sign install backup_rtlwifi: @echo "Making backup rtlwifi drivers" @@ -2595,4 +2595,5 @@ clean: rm -fr Module.symvers ; rm -fr Module.markers ; rm -fr modules.order rm -fr *.mod.c *.mod *.o .*.cmd *.ko *~ rm -fr .tmp_versions + rm -fr MOK.der MOK.priv endif diff --git a/README.md b/README.md index 8b5b24b..7607c11 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ be provided via PR or message in Issues. - [SkiffOS](https://github.com/skiffos/skiffos/) for Odroid XU4 (ARM 32 bit) (kernel 6.0.7) -- [Ubuntu](https://www.ubuntu.com) 22.04 (kernel 5.15) and 22.10 (kernel 5.19) (kernel 6.2) +- [Ubuntu](https://www.ubuntu.com) 22.04 (kernel 5.15), 22.10 (kernel 5.19), 23.04 (kernel 6.2) - [Void Linux](https://voidlinux.org/) (kernel 5.18) @@ -388,16 +388,18 @@ Note: If you elect to skip the reboot at the end of the installation script, the driver may not load immediately and the driver options will not be applied. Rebooting is strongly recommended. -Note: Fedora users that have secure boot turned on should run the following to -enroll the key: +Note: Fedora users that have secure boot turned on may need to run the +following to enroll the key: ``` sudo mokutil --import /var/lib/dkms/mok.pub ``` -Manual build and installation instructions: The above installation steps -automate the installation process, however, if you want to or need to do a -command line installation, use the following: +### Manual Installation Instructions + +Note: The above installation steps automate the installation process, +however, if you want to or need to do a basic command line installation, +use the following: ``` make clean @@ -407,6 +409,8 @@ make clean make ``` +If secure boot is off: + ``` sudo make install ``` @@ -415,6 +419,47 @@ sudo make install sudo reboot ``` +If secure boot is on: + +Note: Please read to the end of this section before coming back here to +enter commands. + +``` +sudo make sign-install +``` + +You will be promted for a password, please remember the password as it +will be used in some of the following steps. + +``` +sudo reboot +``` + +The MOK managerment screen will appear during boot: + +`Shim UEFI Key Management" + +`Press any key...` + +Select "Enroll key" + +Select "Continue" + +Select "Yes" + +When promted, enter the password you entered earlier. + +If you enter the wrong password, your computer will not be bootable. In +this case, use the BOOT menu from your BIOS to boot then as follows: + +``` +sudo mokutil --reset +``` + +Restart your computer and use the BOOT menu from BIOS to boot. In the MOK +managerment screen, select `reset MOK list`. Then Reboot and retry from +the step `sudo make sign-install`. + To remove the driver if installed by the manual installation instructions: ``` diff --git a/dkms-make.sh b/dkms-make.sh index 09e73f7..cecac5c 100755 --- a/dkms-make.sh +++ b/dkms-make.sh @@ -9,7 +9,10 @@ SMEM=$(LANG=C free | awk '/Mem:/ { print $2 }') # sproc needs to be set here if dkms build is not initiated by install-driver.sh sproc=$(nproc) -# avoid Out of Memory condition in low-RAM systems by limiting core usage +# calculate number of cores to be used in order to avoid Out of Memory +# condition in low-RAM systems by limiting core usage. +# this section of code is also in the file install-driver.sh and that +# code should stay the same as this code. if [ "$sproc" -gt 1 ]; then if [ "$SMEM" -lt 1400000 ]; then sproc=2 diff --git a/install-driver.sh b/install-driver.sh index 4a90afe..8d33010 100755 --- a/install-driver.sh +++ b/install-driver.sh @@ -141,6 +141,10 @@ echo ": ${SCRIPT_NAME} v${SCRIPT_VERSION}" # display architecture echo ": ${KARCH} (architecture)" +# calculate number of cores to be used in order to avoid Out of Memory +# condition in low-RAM systems by limiting core usage. +# this section of code is also in the file dkms-make.sh and that +# code should stay the same as this code. SMEM=$(LANG=C free | awk '/Mem:/ { print $2 }') sproc=$(nproc) # avoid Out of Memory condition in low-RAM systems by limiting core usage @@ -189,7 +193,6 @@ else echo ": mokutil not installed" fi - echo ": ---------------------------" echo @@ -286,13 +289,21 @@ if ! command -v dkms >/dev/null 2>&1; then exit $RESULT fi -# As shown in Makefile -# install: -# install -p -m 644 $(MODULE_NAME).ko $(MODDESTDIR) -# /sbin/depmod -a ${KVER} - make install - RESULT=$? - +# if secure boot is active, use sign-install + if command -v mokutil >/dev/null 2>&1; then + if mokutil --sb-state | grep -i enabled >/dev/null 2>&1; then + echo ": SecureBoot enabled - read FAQ about SecureBoot" + make sign-install + RESULT=$? + else + make install + RESULT=$? + fi + else + make install + RESULT=$? + fi + if [ "$RESULT" = "0" ]; then make clean >/dev/null 2>&1 echo "The driver was installed successfully."