When the PIM / PAMSC seos kernel module fails to load in a Linux which is running in Secure Boot mode follow below steps
Release : 14.1
Component : PAM SERVER CONTROL ENDPOINT UNIX
Secure Boot is using a MOK (Machine Owner Key) which basically is securing the boot process by only allowing approved OS components and drivers to load.
The OS kernel should contain the public key of the module getting inserted as part of trust chain, So the first step in doing this is to add the public key into the kernel system key database,
Every time the PAMSC kernel module loads, the OS kernel checks the signature of the module using the relevant public key.
Following steps are necessary for adding PAMSC public key into the secured kernel key database.
# cd /opt/CA/PAMSC/bin/
# mokutil --import BroadcomInc.der
input password:
input password again:
This command will ask for a new password of your choice which is required during MOK enrollment
Note, to avoid issues, use a password consisting of alpha - numeric characters only
# mokutil -l
Search for PAMSC or Broadcom strings in the key list to confirm the key is loaded.