Bumblebee now handle the driver signature by itself.
On fedora 26 (should be the same on other releases) the full procedure is :
Install required dependencies dnf install openssl kernel-devel perl mokutil keyutils
Create and cd into a restricted directory such as /root/.kernel-keys
In this directory, create the file keyconf.config
and paste the following content :
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
CN = Modules
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
Execute the command to generate the key :
openssl req -x509 -new -nodes -utf8 -sha256 -days 36500 -batch -config configuration_file.config -outform DER -out public_key.der -keyout private_key.priv
Request addition of your key to the EFI
mokutil --import public_key.der
Type two time the same password. You will need it only for the next step.
Reboot your PC. A blue (or weird) screen will be prompted depending of your computer. I chose the second option, selected "key 0" then typed the password. The idea is to make your EFI accept the requested key. Your PC will restart.
Boot on Fedora then edit the file /etc/bumblebee/bumblebee-nvidia-sign.conf
. Set the key created in the previous steps :
## Public and private keys to sing the drivers for systems with secure boot (full path)
## Note: the created public key must be imported into the UEFI.
Publickey=/root/.kernel-keys/public_key.der
Privatekey=/root/.kernel-keys/private_key.priv
Launch the bumblebee installation or run bumblebee-nvidia --debug
to build the driver using the keys. It should work. I hope it helped !
Used for reference : https://docs.fedoraproject.org/en-US/Fedora/26/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html
Thanks to Fahad answer that helped me a lot.
Sounds fair - I'm going to consider this approach. – Mauren – 2013-09-07T02:37:57.207