mirror of
https://github.com/morrownr/8821cu-20210916.git
synced 2024-12-22 14:26:30 +00:00
improve Secure Boot support
This commit is contained in:
parent
22f2cb7aa5
commit
4600c193ab
82
FAQ.md
82
FAQ.md
@ -44,43 +44,46 @@ Answer: This [article](https://null-byte.wonderhowto.com/forum/wifi-hacking-atta
|
|||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
Secure Boot Information
|
||||||
|
|
||||||
Question: The driver installation script completed successfully and the
|
Question: The driver installation script completed successfully and the
|
||||||
driver is installed but does not seem to be working. What is wrong?
|
driver is installed but does not seem to be working. What is wrong?
|
||||||
|
|
||||||
Answer: Turn secure boot off to see if that allows the driver to work.
|
Answer: This question often comes up after installing the driver to a
|
||||||
This driver is primarily tested on Debian based distros such as Ubuntu,
|
system that has Secure Boot on. To test if there is a Secure Boot related
|
||||||
Raspberry Pi OS and Kali. In an attempt to make this driver work well on
|
problem, turn secure boot off in the system BIOS and reboot. If the driver
|
||||||
many Linux distros, other distros, including the Arch based Manjaro is
|
works as expected after reboot, them the problem is likely related to
|
||||||
used for testing. Currently I do not have installations of Fedora or
|
Secure Boot.
|
||||||
OpenSUSE available for testing and reply on user reports of success or
|
|
||||||
failure. I have two test systems with secure boot on so as to test secure
|
|
||||||
boot. I have not seen any secure boot problems with Debian based systems
|
|
||||||
and I don't remember problems with Manjaro.
|
|
||||||
|
|
||||||
dkms is used in the installation script. It helps with a lot of issues that
|
What will increase my chances of having a sucessessful installation on a
|
||||||
will come up if a simple manual installation is used. dkms has the
|
system that has Secure Boot on?
|
||||||
capability to handle the needs of secure boot. dkms was written by and is
|
|
||||||
maintained by Dell. Dell has been offering some Ubuntu pre-loaded systems
|
|
||||||
for years so their devs likely test on Ubuntu. I suspect Fedora and
|
|
||||||
OpenSUSE may be handing their secure boot support differently than Debian
|
|
||||||
based systems and this is leading to problems. This and the other repos
|
|
||||||
I have are VERY heavily used and I am sure there are plenty of non-Debian
|
|
||||||
users that use this driver. Are they all turning off secure boot and not
|
|
||||||
reporting the problem? I don't know. What I do know is that reports like
|
|
||||||
this are rare.
|
|
||||||
|
|
||||||
For the driver to compile and install correctly but not be available
|
First and foremost, make sure Secure Boot is on when you initially install
|
||||||
tells me there is likely a key issue. Here is an interesting link
|
your Linux distro. If your Linux distro was installed with Secure Boot off,
|
||||||
regarding Debian systems and secure boot:
|
the easiest solution is likely to do a clean reinstallation with Secure Boot
|
||||||
|
on.
|
||||||
|
|
||||||
|
Ubuntu is used as the example but other distros should be similar to one
|
||||||
|
degree or another. During the installation there will be a box on one of
|
||||||
|
installation pages that will appear if the installation program detects
|
||||||
|
that Secure Boot is on. You will need to check the box and supply a
|
||||||
|
password. You can use the same password and you use for the system if you
|
||||||
|
wish. After the installation and reboot completes, the first screen you
|
||||||
|
should see is the mokutil screen. Mokutil will guide you through the
|
||||||
|
process of setting up your system to support Secure Boot
|
||||||
|
|
||||||
|
The `install-driver.sh` script currently supports Secure Boot if `dkms`
|
||||||
|
is installed. Here is a link to the `dkms` website. There is information
|
||||||
|
regarding Secure Boot in two sections in the `README`.
|
||||||
|
|
||||||
|
https://github.com/dell/dkms
|
||||||
|
|
||||||
|
Here is a link regarding Debian and Secure Boot:
|
||||||
|
|
||||||
https://wiki.debian.org/SecureBoot
|
https://wiki.debian.org/SecureBoot
|
||||||
|
|
||||||
That document contains a lot of information that can help an investigation
|
There is work underway to add Secure Boot suuport for systems that do not
|
||||||
into what the real problem is and I invite you and other Fedora, OpemSUSE
|
have `dkms` available or if a manual installation is desired.
|
||||||
and users of other distros that show this problem to investigate and
|
|
||||||
present what you know to the devs of your distro via their problem
|
|
||||||
reporting system. Turning off secure boot is NOT a fix. A real fix needs
|
|
||||||
to happen.
|
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
@ -90,22 +93,23 @@ Answer: I have a repo that is setup to help with monitor mode:
|
|||||||
|
|
||||||
https://github.com/morrownr/Monitor_Mode
|
https://github.com/morrownr/Monitor_Mode
|
||||||
|
|
||||||
Work to improve monitor mode is ongoing with this driver. Your
|
Work to improve monitor mode is ongoing with this driver. Your reports of
|
||||||
reports of success or failure are needed. If you have yet to buy an
|
success or failure are needed. If you have yet to buy an adapter to use with
|
||||||
adapter to use with monitor mode, there are adapters available that are
|
monitor mode, there are adapters available that are known to work very well
|
||||||
known to work very well with monitor mode. My recommendation for those
|
with monitor mode. My recommendation for those looking to buy an adapter for
|
||||||
looking to buy an adapter for monitor mode is to buy adapters based on
|
monitor mode is to buy adapters based on the following chipsets: mt7921au,
|
||||||
the following chipsets: mt7921au, mt7612u, mt7610u, rtl8812au, rtl8821cu and
|
mt7612u, mt7610u, rtl8821cu, rtl8812bu, rtl8812au, and rtl8811au. My specific
|
||||||
rtl8811au. My specific recommendations for adapters in order of
|
recommendations for adapters in order of preference currently are:
|
||||||
preference are:
|
|
||||||
|
|
||||||
ALFA AWUS036ACHM - long range - in-kernel driver
|
ALFA AWUS036ACHM - long range - in-kernel driver
|
||||||
|
|
||||||
ALFA AWUS036ACM - in-kernel driver
|
ALFA AWUS036ACM - in-kernel driver
|
||||||
|
|
||||||
ALFA AWUS036ACH - long range - [driver](https://github.com/morrownr/8812au-20210629)
|
ALFA AWUS036ACU - in-kernel driver (as of kernel 6.2) and [out-of-kernel driver](https://github.com/morrownr/8821cu)
|
||||||
|
|
||||||
ALFA AWUS036ACS - [driver](https://github.com/morrownr/8821au-20210708)
|
ALFA AWUS036ACH - long range - [driver](https://github.com/morrownr/8812au)
|
||||||
|
|
||||||
|
ALFA AWUS036ACS - [driver](https://github.com/morrownr/8821au)
|
||||||
|
|
||||||
To ask questions, go to [USB-WiFi](https://github.com/morrownr/USB-WiFi)
|
To ask questions, go to [USB-WiFi](https://github.com/morrownr/USB-WiFi)
|
||||||
and post in `Discussions` or `Issues`.
|
and post in `Discussions` or `Issues`.
|
||||||
|
7
Makefile
7
Makefile
@ -2511,6 +2511,13 @@ uninstall:
|
|||||||
rm -f $(MODDESTDIR)$(MODULE_NAME).ko
|
rm -f $(MODDESTDIR)$(MODULE_NAME).ko
|
||||||
/sbin/depmod -a ${KVER}
|
/sbin/depmod -a ${KVER}
|
||||||
|
|
||||||
|
sign:
|
||||||
|
@openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Custom MOK/"
|
||||||
|
@mokutil --import MOK.der
|
||||||
|
@$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der 8821cu.ko
|
||||||
|
|
||||||
|
sign-install: all sign install
|
||||||
|
|
||||||
backup_rtlwifi:
|
backup_rtlwifi:
|
||||||
@echo "Making backup rtlwifi drivers"
|
@echo "Making backup rtlwifi drivers"
|
||||||
ifneq (,$(wildcard $(STAGINGMODDIR)/rtl*))
|
ifneq (,$(wildcard $(STAGINGMODDIR)/rtl*))
|
||||||
|
44
README.md
44
README.md
@ -46,9 +46,9 @@ confirm that this is the correct driver for your adapter.
|
|||||||
|
|
||||||
- hcxdumptool
|
- hcxdumptool
|
||||||
|
|
||||||
### A FAQ is available in this repo with the name FAQ.md
|
### A FAQ is available in this repo with the name `FAQ.md`
|
||||||
|
|
||||||
- Please read the FAQ and below documentation before posting issues.
|
- Please read the FAQ and this document before posting issues.
|
||||||
|
|
||||||
### Additional documentation is in the file `8821cu.conf`
|
### Additional documentation is in the file `8821cu.conf`
|
||||||
|
|
||||||
@ -147,7 +147,7 @@ sudo dkms status
|
|||||||
```
|
```
|
||||||
|
|
||||||
Warning: If you decide to upgrade to a new version of kernel such as
|
Warning: If you decide to upgrade to a new version of kernel such as
|
||||||
5.15 to 5.19, you need to upgrade the driver you have installed with
|
5.15 to 6.1, you need to upgrade the driver you have installed with
|
||||||
the newest available before installing the new kernel. Use the
|
the newest available before installing the new kernel. Use the
|
||||||
following commands in the driver directory:
|
following commands in the driver directory:
|
||||||
|
|
||||||
@ -185,25 +185,7 @@ It is recommended that you do not delete the driver directory after
|
|||||||
installation as the directory contains information and scripts that you
|
installation as the directory contains information and scripts that you
|
||||||
may need in the future.
|
may need in the future.
|
||||||
|
|
||||||
Secure Boot: The installation script, `install-driver.sh`, will
|
Secure Boot: see FAQ.
|
||||||
automatically support secure boot... if your distro supports the method
|
|
||||||
dkms uses. I regularly test the installation script on systems with
|
|
||||||
secure boot on. It works seemlessly on modern Ubuntu based distros as
|
|
||||||
long as secure boot was set up properly during the installation of the
|
|
||||||
operating system. Some distros, such as the Raspberry Pi OS, do not
|
|
||||||
support secure boot because the hardware they support does not support
|
|
||||||
secure boot making it unnecessary to attempt to support it. There are
|
|
||||||
distros that may require additional steps to sign the driver for secure
|
|
||||||
boot operation. Fedora is an example. In installation Step 3, note that
|
|
||||||
`openssl` must be installed as Fedora does not install it by default.
|
|
||||||
There will also be another step for Fedora after `install-driver.sh`
|
|
||||||
script is completed. This will be explained in the instructions at the
|
|
||||||
appropriate time. Overall, secure boot requires that
|
|
||||||
`openssl` and `mokutil` be installed and that additional steps be
|
|
||||||
performed if necessary. To test if secure boot is the problem: If you
|
|
||||||
install this driver and, after a reboot, the driver is not working, you
|
|
||||||
can go into the BIOS and temporarily turn secure boot off to see if
|
|
||||||
secure boot is the problem.
|
|
||||||
|
|
||||||
### Installation Steps
|
### Installation Steps
|
||||||
|
|
||||||
@ -216,7 +198,7 @@ on a best effort basis, based on the steps below.
|
|||||||
#### Step 2: Update and upgrade system packages (select the option for the distro you are using)
|
#### Step 2: Update and upgrade system packages (select the option for the distro you are using)
|
||||||
|
|
||||||
Note: If your Linux distro does not fall into one of options listed
|
Note: If your Linux distro does not fall into one of options listed
|
||||||
below, you will need to research how to update and upgrade your system
|
below, you will need to research how to `update` and `upgrade` your system
|
||||||
packages.
|
packages.
|
||||||
|
|
||||||
- Option for Debian based distributions such as Ubuntu, Kali, Armbian and Raspberry Pi OS
|
- Option for Debian based distributions such as Ubuntu, Kali, Armbian and Raspberry Pi OS
|
||||||
@ -261,7 +243,17 @@ sudo reboot
|
|||||||
|
|
||||||
Note: If your Linux distro does not fall into one of options listed
|
Note: If your Linux distro does not fall into one of options listed
|
||||||
below, you will need to research how to properly setup up the development
|
below, you will need to research how to properly setup up the development
|
||||||
environment for your system.
|
environment for your system. General guidance is given the next paragraph.
|
||||||
|
|
||||||
|
Development Environment Requirements: (package names may vary by distro)
|
||||||
|
|
||||||
|
- Mandatory: `gcc` `make` `bc` `kernel-headers` `build-essential` `git`
|
||||||
|
- Highly recommended: `dkms` `rfkill` `iw` `ip`
|
||||||
|
- Mandatory if Secure Boot is active: `openssl` `mokutil`
|
||||||
|
|
||||||
|
Note: The below options should take care of the mandatory and highly recommended
|
||||||
|
requirements but only you know if Secure Boot is active. If Secure Boot is
|
||||||
|
active on your system, please also install the mandatory packages for Secure Boot.
|
||||||
|
|
||||||
- Option for Armbian (arm64)
|
- Option for Armbian (arm64)
|
||||||
|
|
||||||
@ -289,10 +281,8 @@ sudo apt install -y build-essential dkms git iw
|
|||||||
|
|
||||||
- Option for Fedora
|
- Option for Fedora
|
||||||
|
|
||||||
Note: Installing `openssl` is only necessary for secure boot support.
|
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo dnf -y install git dkms kernel-devel openssl
|
sudo dnf -y install git dkms kernel-devel
|
||||||
```
|
```
|
||||||
|
|
||||||
- Option for openSUSE
|
- Option for openSUSE
|
||||||
|
Loading…
Reference in New Issue
Block a user