Unable To Start Or Install InfoScale When Secure Boot Is Enabled

Description

Error Message

During installation the following message is reported.

CPI ERROR V-9-30-1167 SecureBoot is enabled, veritas-key is not enrolled on

The following message is reported to the console of existing installs if Secure Boot is enabled after installing InfoScale.

Loading of module with unavailable key is rejected.

After enabling Secure Boot on an existing installation of InfoScale, Volume Manager(VxVM) commands will fail.

# vxdisk list

VxVM vxdisk ERROR V-5-1-684 IPC failure: Configuration daemon is not accessible.

Message reported when manually loading a signed kernel module when Secure Boot is enabled.

# insmod /etc/vx/kernel/vxdmp.ko.5.14.0-362.18.1.el9_3.x86_64

insmod: ERROR: could not insert module /etc/vx/kernel/vxdmp.ko.5.14.0-362.18.1.el9_3.x86_64: Key was rejected by service

Cause

Secure Boot is enabled in the BIOS

# mokutil --sb-state

SecureBoot enabled

Resolution

1.) Enroll the InfoScale MOK Certificate.

# mokutil --import /etc/vx/kernel/infoscale-pubkey.der

input password:

input password again:

2.) Reboot the host and enroll the certificate.

Provide the password entered during the import process.

3.) Verify the certificate is imported.

# mokutil --list-enrolled

[key 3]

SHA1 Fingerprint: 9e:14:e8:f7:c0:7c:ba:37:be:3a:b3:6f:86:0d:30:ca:a6:70:26:75

Certificate:

Data:

Version: 3 (0x2)

Serial Number:

29:f1:35:40:e3:16:94:38:da:67:7d:aa:57:f0:a1:57:ab:0b:4e:83

Signature Algorithm: sha256WithRSAEncryption

Issuer: O=Veritas Technologies LLC, CN=Veritas Technologies LLC Kernel signing key/emailAddress=enterprise_technical_support@veritas.com

Validity

Not Before: Jan 4 11:06:33 2024 GMT

Not After : Jan 4 11:06:33 2028 GMT

Subject: O=Veritas Technologies LLC, CN=Veritas Technologies LLC Kernel signing key/emailAddress=enterprise_technical_support@veritas.com

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

Public-Key: (4096 bit)

Modulus:

00:c7:f9:68:a0:93:e5:be:c6:cc:dd:da:47:03:b1:

74:54:a8:70:1b:5b:2c:33:5c:f5:fa:fb:af:8b:04:

2e:ff:2b:4b:e7:9a:95:30:94:53:77:fc:44:cd:14:

e3:2d:f1:2a:53:52:6f:4d:24:4d:a7:82:a8:cd:d6:

cd:6c:17:83:cc:c2:8c:ef:56:75:97:46:c0:4e:f3:

6e:74:d6:24:0b:5f:8f:6c:d6:4b:d1:b6:70:ed:4d:

18:40:72:0b:41:09:58:23:f3:60:50:0d:b2:30:c2:

e4:30:f7:0c:0a:e3:49:ff:06:33:bc:e5:df:91:24:

55:98:30:dc:6b:bc:41:b9:95:be:db:5e:97:a0:de:

83:2b:7e:69:6b:b2:0f:44:ad:8d:37:c9:a8:4e:f6:

41:ee:11:f7:a8:3e:ae:91:40:fd:a1:25:66:41:c2:

cc:d3:0d:9b:f8:3d:42:dd:33:02:38:0a:79:32:71:

fd:87:3a:84:69:00:e2:1b:d2:d4:0f:03:c8:93:b9:

6c:c5:9d:b5:09:11:85:08:a5:ff:c7:b8:63:e5:63:

91:a4:97:15:4b:aa:66:88:19:34:4e:50:8f:f2:57:

60:37:eb:f3:94:8c:62:7e:e1:66:2b:f5:e3:43:0f:

dc:38:c0:be:27:1b:7d:4a:48:8c:74:cc:72:9e:22:

7f:96:7c:df:22:53:62:8f:1c:fb:ff:28:1b:71:5f:

8b:bd:b8:6f:af:ef:a0:8f:30:4c:fe:a2:34:cd:61:

d1:e5:dd:e7:cb:77:e3:7e:0d:8c:a6:26:e9:e2:fe:

ac:69:fe:c5:bc:6c:0a:d5:cc:91:de:2f:95:9a:f9:

18:b2:0f:88:2a:c2:0b:ac:25:c5:52:ab:78:5c:92:

c1:01:51:97:ec:42:f8:31:9f:b2:80:98:f1:4a:ba:

5b:85:a2:0c:aa:23:72:6a:6d:aa:71:48:89:eb:52:

38:57:37:bf:fd:38:e1:e1:2c:3f:53:55:86:d4:0a:

cd:a4:28:ee:ef:f2:20:67:38:e2:7f:35:6b:7c:5e:

94:8c:3d:1a:de:1f:6b:6f:48:9c:18:9f:a3:b6:b9:

32:a4:9c:28:2a:76:2a:3e:20:cc:66:75:73:2c:cb:

07:49:96:1d:af:8b:71:61:a7:5a:25:c6:79:6c:32:

66:f5:1c:b8:9b:13:68:aa:c8:26:06:c3:d4:3b:e2:

d0:76:eb:73:9f:90:a3:4f:ff:5f:9b:a5:cb:74:d9:

b9:1e:01:7d:1a:ee:9e:ec:7d:a7:2b:99:78:6e:69:

d5:5e:1b:bf:b3:72:13:15:2e:e8:b5:23:12:fe:d7:

64:ed:e2:2a:50:02:09:ac:ea:7a:b9:38:51:33:ea:

16:1a:63

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Basic Constraints: critical

CA:FALSE

X509v3 Key Usage:

Digital Signature

X509v3 Subject Key Identifier:

BE:F7:65:CE:6A:ED:8A:9C:EF:80:D2:E0:13:DA:C3:63:C8:4F:59:C9

X509v3 Authority Key Identifier:

BE:F7:65:CE:6A:ED:8A:9C:EF:80:D2:E0:13:DA:C3:63:C8:4F:59:C9

X509v3 Extended Key Usage:

Code Signing

Signature Algorithm: sha256WithRSAEncryption

Signature Value:

55:0c:a6:fd:8d:c0:6b:d8:19:40:78:e0:e4:7d:5d:cd:86:0a:

97:b3:32:7a:4b:45:4f:5d:3f:ac:e8:b7:c2:9b:16:63:ab:0f:

fa:43:88:db:c8:02:db:66:c6:58:7a:1a:df:79:8e:49:c4:56:

d4:d3:e0:4a:fa:98:52:de:48:8e:c9:0e:66:85:2b:57:d8:5d:

18:36:e5:9b:54:3b:57:65:92:9f:fc:bc:cc:7b:e3:9c:13:a6:

6d:2b:35:43:66:55:b1:71:b1:0c:35:6a:3a:39:bc:44:04:1e:

3e:28:31:fa:97:f8:ff:b9:19:f7:2f:67:4a:05:dd:b0:17:01:

a2:41:a3:cc:d9:4b:e6:30:b2:96:9c:de:43:63:cf:14:59:5e:

7a:5d:0e:00:2a:54:ef:57:09:59:11:19:82:fc:08:f5:90:ed:

5a:30:eb:69:96:ae:ff:02:f1:ad:91:40:d6:78:a7:2f:9a:78:

81:57:f3:1e:10:84:c2:d1:69:6b:a2:39:25:18:91:62:08:08:

4a:a9:21:20:f9:37:2d:02:4a:b6:c8:4b:73:4f:d3:93:fb:11:

d6:b7:43:07:1a:66:39:13:34:ff:24:8c:cc:d3:93:cb:b2:1d:

11:c0:6a:c4:2e:2d:f3:09:d1:be:6e:f8:24:af:d8:eb:93:a4:

16:77:64:c4:aa:7e:54:d5:45:53:e4:51:0c:fd:b4:44:37:16:

b7:6f:b5:ec:e6:fe:28:b8:02:b2:ff:26:8c:7a:e9:39:69:c9:

23:4b:52:69:aa:47:7e:ef:4d:28:48:be:23:06:65:8e:7e:85:

75:29:8f:5d:60:10:63:7c:3c:ce:6c:a6:4a:45:00:a5:07:66:

14:af:c1:6b:13:ae:57:19:b2:bb:eb:10:6b:f9:37:b1:7c:a2:

f7:8a:47:fd:0f:38:32:66:1b:da:8c:fe:b6:39:f0:ba:13:91:

a8:21:95:c0:f9:44:cb:08:6f:0e:b7:6a:f1:d4:45:85:9e:e3:

05:51:ff:03:a5:0c:b5:ef:cd:aa:2e:c7:e2:ec:0a:ca:d4:f9:

02:4e:20:64:34:d4:07:f6:06:fc:ef:f9:72:6d:c5:d5:4b:1f:

4a:6c:92:06:17:46:69:ca:0a:0d:24:bb:cf:7c:e0:9e:c6:fb:

1e:e9:49:21:8c:82:a8:4f:93:20:6c:8d:fa:f5:5c:9e:02:6d:

ee:b0:d0:47:6f:e5:10:a8:58:d0:5b:42:5c:b8:66:68:3e:26:

f7:4f:35:45:1d:87:a4:ed:f3:94:58:9b:22:cc:a7:9d:73:95:

9d:a3:9b:c8:fc:75:a0:a4:63:44:e6:14:61:2f:bd:fa:1b:50:

89:9d:08:6e:e4:55:eb:50

Issue/Introduction

Unable to start or install InfoScale when Secure Boot is enabled.

Welcome to "KB Articles"