Linux Sensor Stuck in Bypass mode when Secure Boot enabled
book
Article ID: 286819
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- Linux sensor stuck in Bypass mode
- Linux sensor kernel module is not loading
- SecureBoot is shown as enabled by running:
# mokutil --sb-state
SecureBoot enabled
- Or by running:
# bootctl status
System:
Machine ID: d26f378df4214075858c2bd2e0ffb141
Boot ID: 1dc5840315bd4954b97ed888e6c52a1a
Secure Boot: enabled
Setup Mode: user
Selected Firmware Entry:
Title: CentOS
Partition: /dev/disk/by-partuuid/0c4c5e6a-deaf-4e55-8ed1-d6e16cb5f8f5
File: └─/EFI/centos/shimx64.efi
No suitable data is provided by the boot manager. See:
http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface
http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
for details
-
This directory is empty
# ls -l /sys/firmware/efi/
total 0
Environment
- Carbon Black Cloud Sensor: All Supported Versions
- Linux OS: All Supported Versions for when the Kernel Version is below 4.8
Cause
Linux sensor kernel module is not loading because secure boot is enabled, which is not a supported system configuration currently.
Resolution
- Sign kernel module
- Disable secure boot
Additional Information
Another way to check secure boot:
# dmesg | grep -i secure
[ 0.000000] Secure boot enabled
[ 1.219154] EFI: Loaded cert 'CentOS Secure Boot (key 1): f037c6eaec36d4057a526c0ec6d5a95b324ee129' linked to '.system_keyring'
Feedback
thumb_up
Yes
thumb_down
No