This article applies to users of Rapid Recovery 6.0.1 who want to install the Rapid Recovery Agent on a machine running supported versions of Linux on an Extensible Firmware Interface (EFI) system partition such as CentOS, Red Hat Enterprise Linux, Ubuntu, or SUSE Linux Enterprise Server.
For supported versions of Linux, see the latest system requirements in the Rapid Recovery Release Notes.
If running with the secure boot option enabled, you will be unable to load the 'rapidrecovery_vss' kernel module after installation of the Rapid Recovery Agent until you perform specific steps indicated in this article.
Complete the steps in this procedure to create an X.509 digital certificate, digitally sign the kernel module, and enroll the certificate into the UEFI certificates storage Machine Owner Key (MOK).
1. Create an X.509 certificate to sign the kernel module. Use commands such as in the following example:
openssl req -new -x509 -newkey rsa:2048 -keyout <private_key_file_name> -outform DER -out <certificate_file_name> -nodes -days 36500 -subj "/CN=<your_company_name>/"
2. Sign a module with the key you created. Use commands such as in the following example:
perl /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 <private_key_file_name> <certificate_file_name> rapidrecovery-vss.ko
3. Check if Secure Boot is enabled. For example:
4. If Secure Boot is enabled, import the key into MOK. For example:
mokutil --import <certificate_file_name>
5. Provide a temporary password. This will be used after rebooting to enroll the certificate. Do not forget this password.
6. Reboot the system.
7. When the UEFI key management screen appears, press any key (within 10 seconds) to proceed.
8. Select Enroll MOK
9. Select View key 0
10. Press ESC
11. Select Continue
12. Enter the password you defined in step 5.
13. When prompted to confirm key enrollment, select "Yes."