mirror of
https://github.com/morrownr/8821cu-20210916.git
synced 2024-12-22 06:15:50 +00:00
improve Secure Boot support
This commit is contained in:
parent
22f2cb7aa5
commit
4600c193ab
82
FAQ.md
82
FAQ.md
@ -44,43 +44,46 @@ Answer: This [article](https://null-byte.wonderhowto.com/forum/wifi-hacking-atta
|
||||
|
||||
-----
|
||||
|
||||
Secure Boot Information
|
||||
|
||||
Question: The driver installation script completed successfully and the
|
||||
driver is installed but does not seem to be working. What is wrong?
|
||||
|
||||
Answer: Turn secure boot off to see if that allows the driver to work.
|
||||
This driver is primarily tested on Debian based distros such as Ubuntu,
|
||||
Raspberry Pi OS and Kali. In an attempt to make this driver work well on
|
||||
many Linux distros, other distros, including the Arch based Manjaro is
|
||||
used for testing. Currently I do not have installations of Fedora or
|
||||
OpenSUSE available for testing and reply on user reports of success or
|
||||
failure. I have two test systems with secure boot on so as to test secure
|
||||
boot. I have not seen any secure boot problems with Debian based systems
|
||||
and I don't remember problems with Manjaro.
|
||||
Answer: This question often comes up after installing the driver to a
|
||||
system that has Secure Boot on. To test if there is a Secure Boot related
|
||||
problem, turn secure boot off in the system BIOS and reboot. If the driver
|
||||
works as expected after reboot, them the problem is likely related to
|
||||
Secure Boot.
|
||||
|
||||
dkms is used in the installation script. It helps with a lot of issues that
|
||||
will come up if a simple manual installation is used. dkms has the
|
||||
capability to handle the needs of secure boot. dkms was written by and is
|
||||
maintained by Dell. Dell has been offering some Ubuntu pre-loaded systems
|
||||
for years so their devs likely test on Ubuntu. I suspect Fedora and
|
||||
OpenSUSE may be handing their secure boot support differently than Debian
|
||||
based systems and this is leading to problems. This and the other repos
|
||||
I have are VERY heavily used and I am sure there are plenty of non-Debian
|
||||
users that use this driver. Are they all turning off secure boot and not
|
||||
reporting the problem? I don't know. What I do know is that reports like
|
||||
this are rare.
|
||||
What will increase my chances of having a sucessessful installation on a
|
||||
system that has Secure Boot on?
|
||||
|
||||
For the driver to compile and install correctly but not be available
|
||||
tells me there is likely a key issue. Here is an interesting link
|
||||
regarding Debian systems and secure boot:
|
||||
First and foremost, make sure Secure Boot is on when you initially install
|
||||
your Linux distro. If your Linux distro was installed with Secure Boot off,
|
||||
the easiest solution is likely to do a clean reinstallation with Secure Boot
|
||||
on.
|
||||
|
||||
Ubuntu is used as the example but other distros should be similar to one
|
||||
degree or another. During the installation there will be a box on one of
|
||||
installation pages that will appear if the installation program detects
|
||||
that Secure Boot is on. You will need to check the box and supply a
|
||||
password. You can use the same password and you use for the system if you
|
||||
wish. After the installation and reboot completes, the first screen you
|
||||
should see is the mokutil screen. Mokutil will guide you through the
|
||||
process of setting up your system to support Secure Boot
|
||||
|
||||
The `install-driver.sh` script currently supports Secure Boot if `dkms`
|
||||
is installed. Here is a link to the `dkms` website. There is information
|
||||
regarding Secure Boot in two sections in the `README`.
|
||||
|
||||
https://github.com/dell/dkms
|
||||
|
||||
Here is a link regarding Debian and Secure Boot:
|
||||
|
||||
https://wiki.debian.org/SecureBoot
|
||||
|
||||
That document contains a lot of information that can help an investigation
|
||||
into what the real problem is and I invite you and other Fedora, OpemSUSE
|
||||
and users of other distros that show this problem to investigate and
|
||||
present what you know to the devs of your distro via their problem
|
||||
reporting system. Turning off secure boot is NOT a fix. A real fix needs
|
||||
to happen.
|
||||
There is work underway to add Secure Boot suuport for systems that do not
|
||||
have `dkms` available or if a manual installation is desired.
|
||||
|
||||
-----
|
||||
|
||||
@ -90,22 +93,23 @@ Answer: I have a repo that is setup to help with monitor mode:
|
||||
|
||||
https://github.com/morrownr/Monitor_Mode
|
||||
|
||||
Work to improve monitor mode is ongoing with this driver. Your
|
||||
reports of success or failure are needed. If you have yet to buy an
|
||||
adapter to use with monitor mode, there are adapters available that are
|
||||
known to work very well with monitor mode. My recommendation for those
|
||||
looking to buy an adapter for monitor mode is to buy adapters based on
|
||||
the following chipsets: mt7921au, mt7612u, mt7610u, rtl8812au, rtl8821cu and
|
||||
rtl8811au. My specific recommendations for adapters in order of
|
||||
preference are:
|
||||
Work to improve monitor mode is ongoing with this driver. Your reports of
|
||||
success or failure are needed. If you have yet to buy an adapter to use with
|
||||
monitor mode, there are adapters available that are known to work very well
|
||||
with monitor mode. My recommendation for those looking to buy an adapter for
|
||||
monitor mode is to buy adapters based on the following chipsets: mt7921au,
|
||||
mt7612u, mt7610u, rtl8821cu, rtl8812bu, rtl8812au, and rtl8811au. My specific
|
||||
recommendations for adapters in order of preference currently are:
|
||||
|
||||
ALFA AWUS036ACHM - long range - in-kernel driver
|
||||
|
||||
ALFA AWUS036ACM - in-kernel driver
|
||||
|
||||
ALFA AWUS036ACH - long range - [driver](https://github.com/morrownr/8812au-20210629)
|
||||
ALFA AWUS036ACU - in-kernel driver (as of kernel 6.2) and [out-of-kernel driver](https://github.com/morrownr/8821cu)
|
||||
|
||||
ALFA AWUS036ACS - [driver](https://github.com/morrownr/8821au-20210708)
|
||||
ALFA AWUS036ACH - long range - [driver](https://github.com/morrownr/8812au)
|
||||
|
||||
ALFA AWUS036ACS - [driver](https://github.com/morrownr/8821au)
|
||||
|
||||
To ask questions, go to [USB-WiFi](https://github.com/morrownr/USB-WiFi)
|
||||
and post in `Discussions` or `Issues`.
|
||||
|
7
Makefile
7
Makefile
@ -2511,6 +2511,13 @@ uninstall:
|
||||
rm -f $(MODDESTDIR)$(MODULE_NAME).ko
|
||||
/sbin/depmod -a ${KVER}
|
||||
|
||||
sign:
|
||||
@openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Custom MOK/"
|
||||
@mokutil --import MOK.der
|
||||
@$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der 8821cu.ko
|
||||
|
||||
sign-install: all sign install
|
||||
|
||||
backup_rtlwifi:
|
||||
@echo "Making backup rtlwifi drivers"
|
||||
ifneq (,$(wildcard $(STAGINGMODDIR)/rtl*))
|
||||
|
44
README.md
44
README.md
@ -46,9 +46,9 @@ confirm that this is the correct driver for your adapter.
|
||||
|
||||
- hcxdumptool
|
||||
|
||||
### A FAQ is available in this repo with the name FAQ.md
|
||||
### A FAQ is available in this repo with the name `FAQ.md`
|
||||
|
||||
- Please read the FAQ and below documentation before posting issues.
|
||||
- Please read the FAQ and this document before posting issues.
|
||||
|
||||
### Additional documentation is in the file `8821cu.conf`
|
||||
|
||||
@ -147,7 +147,7 @@ sudo dkms status
|
||||
```
|
||||
|
||||
Warning: If you decide to upgrade to a new version of kernel such as
|
||||
5.15 to 5.19, you need to upgrade the driver you have installed with
|
||||
5.15 to 6.1, you need to upgrade the driver you have installed with
|
||||
the newest available before installing the new kernel. Use the
|
||||
following commands in the driver directory:
|
||||
|
||||
@ -185,25 +185,7 @@ It is recommended that you do not delete the driver directory after
|
||||
installation as the directory contains information and scripts that you
|
||||
may need in the future.
|
||||
|
||||
Secure Boot: The installation script, `install-driver.sh`, will
|
||||
automatically support secure boot... if your distro supports the method
|
||||
dkms uses. I regularly test the installation script on systems with
|
||||
secure boot on. It works seemlessly on modern Ubuntu based distros as
|
||||
long as secure boot was set up properly during the installation of the
|
||||
operating system. Some distros, such as the Raspberry Pi OS, do not
|
||||
support secure boot because the hardware they support does not support
|
||||
secure boot making it unnecessary to attempt to support it. There are
|
||||
distros that may require additional steps to sign the driver for secure
|
||||
boot operation. Fedora is an example. In installation Step 3, note that
|
||||
`openssl` must be installed as Fedora does not install it by default.
|
||||
There will also be another step for Fedora after `install-driver.sh`
|
||||
script is completed. This will be explained in the instructions at the
|
||||
appropriate time. Overall, secure boot requires that
|
||||
`openssl` and `mokutil` be installed and that additional steps be
|
||||
performed if necessary. To test if secure boot is the problem: If you
|
||||
install this driver and, after a reboot, the driver is not working, you
|
||||
can go into the BIOS and temporarily turn secure boot off to see if
|
||||
secure boot is the problem.
|
||||
Secure Boot: see FAQ.
|
||||
|
||||
### Installation Steps
|
||||
|
||||
@ -216,7 +198,7 @@ on a best effort basis, based on the steps below.
|
||||
#### Step 2: Update and upgrade system packages (select the option for the distro you are using)
|
||||
|
||||
Note: If your Linux distro does not fall into one of options listed
|
||||
below, you will need to research how to update and upgrade your system
|
||||
below, you will need to research how to `update` and `upgrade` your system
|
||||
packages.
|
||||
|
||||
- Option for Debian based distributions such as Ubuntu, Kali, Armbian and Raspberry Pi OS
|
||||
@ -261,7 +243,17 @@ sudo reboot
|
||||
|
||||
Note: If your Linux distro does not fall into one of options listed
|
||||
below, you will need to research how to properly setup up the development
|
||||
environment for your system.
|
||||
environment for your system. General guidance is given the next paragraph.
|
||||
|
||||
Development Environment Requirements: (package names may vary by distro)
|
||||
|
||||
- Mandatory: `gcc` `make` `bc` `kernel-headers` `build-essential` `git`
|
||||
- Highly recommended: `dkms` `rfkill` `iw` `ip`
|
||||
- Mandatory if Secure Boot is active: `openssl` `mokutil`
|
||||
|
||||
Note: The below options should take care of the mandatory and highly recommended
|
||||
requirements but only you know if Secure Boot is active. If Secure Boot is
|
||||
active on your system, please also install the mandatory packages for Secure Boot.
|
||||
|
||||
- Option for Armbian (arm64)
|
||||
|
||||
@ -289,10 +281,8 @@ sudo apt install -y build-essential dkms git iw
|
||||
|
||||
- Option for Fedora
|
||||
|
||||
Note: Installing `openssl` is only necessary for secure boot support.
|
||||
|
||||
```
|
||||
sudo dnf -y install git dkms kernel-devel openssl
|
||||
sudo dnf -y install git dkms kernel-devel
|
||||
```
|
||||
|
||||
- Option for openSUSE
|
||||
|
Loading…
Reference in New Issue
Block a user