Linux Sensor Stuck in Bypass mode when Secure Boot enabled
search cancel

Linux Sensor Stuck in Bypass mode when Secure Boot enabled

book

Article ID: 286819

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Linux sensor stuck in Bypass mode
  • Linux sensor kernel module is not loading
  • SecureBoot is shown as enabled by running: 
    # mokutil --sb-state
SecureBoot enabled
  • Or by running: 
    # bootctl status
    System:
   Machine ID: d26f378df4214075858c2bd2e0ffb141
      Boot ID: 1dc5840315bd4954b97ed888e6c52a1a
  Secure Boot: enabled
   Setup Mode: user

Selected Firmware Entry:
        Title: CentOS
    Partition: /dev/disk/by-partuuid/0c4c5e6a-deaf-4e55-8ed1-d6e16cb5f8f5
         File: └─/EFI/centos/shimx64.efi

No suitable data is provided by the boot manager. See:
  http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface
  http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
for details
  • This directory is empty

    # ls -l /sys/firmware/efi/
total 0

Environment

  • Carbon Black Cloud Sensor: All Supported Versions
  • Linux OS: All Supported Versions for when the Kernel Version is below 4.8

Cause

Linux sensor kernel module is not loading because secure boot is enabled, which is not a supported system configuration currently.

Resolution

  1. Sign kernel module
  2. Disable secure boot

Additional Information

Another way to check secure boot: 
# dmesg | grep -i secure
[    0.000000] Secure boot enabled
[    1.219154] EFI: Loaded cert 'CentOS Secure Boot (key 1): f037c6eaec36d4057a526c0ec6d5a95b324ee129' linked to '.system_keyring'

 
Powered by Wolken Software