From aaa1983597345f3e5d5d757508c393ea521e1597 Mon Sep 17 00:00:00 2001 From: Languages add-on Date: May 02 2024 07:41:26 +0000 Subject: Added translation using Weblate (Norwegian Nynorsk) Co-authored-by: Languages add-on --- diff --git a/po/nn/f27/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.po b/po/nn/f27/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.po new file mode 100644 index 0000000..95238e7 --- /dev/null +++ b/po/nn/f27/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.po @@ -0,0 +1,1592 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# Languages add-on , 2024. +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2023-06-15 21:44+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"Language: nn\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: Title === +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:6 +#, no-wrap +msgid "Working with Kernel Modules" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:9 +msgid "" +"indexterm:[kernel module,definition]indexterm:[module,kernel " +"module]indexterm:[drivers,kernel module] The Linux kernel is modular, which " +"means it can extend its capabilities through the use of dynamically-loaded " +"_kernel modules_. A kernel module can provide:" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:11 +msgid "a device driver which adds support for new hardware; or," +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:13 +msgid "support for a file system such as `btrfs` or `NFS`." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:15 +msgid "" +"Like the kernel itself, modules can take parameters that customize their " +"behavior, though the default parameters work well in most cases. User-space " +"tools can list the modules currently loaded into a running kernel; query all " +"available modules for available parameters and module-specific information; " +"and load or unload (remove) modules dynamically into or from a running " +"kernel. Many of these utilities, which are provided by the [package]*kmod* " +"package, take module dependencies into account when performing operations so " +"that manual dependency-tracking is rarely necessary." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:17 +msgid "" +"On modern systems, kernel modules are automatically loaded by various " +"mechanisms when the conditions call for it. However, there are occasions " +"when it is necessary to load or unload modules manually, such as when one " +"module is preferred over another although either could provide basic " +"functionality, or when a module is misbehaving." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:19 +msgid "This chapter explains how to:" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:21 +msgid "" +"use the user-space [application]*kmod* utilities to display, query, load and " +"unload kernel modules and their dependencies;" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:23 +msgid "" +"set module parameters both dynamically on the command line and permanently " +"so that you can customize the behavior of your kernel modules; and," +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:25 +msgid "load modules at boot time." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:26 +#, no-wrap +msgid "Installing the kmod package" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:31 +msgid "" +"In order to use the kernel module utilities described in this chapter, first " +"ensure the [package]*kmod* package is installed on your system by running, " +"as root:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:35 +#, no-wrap +msgid "~]#{nbsp}dnf install kmod\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:39 +msgid "" +"For more information on installing packages with DNF, see " +"xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]." +msgstr "" + +#. type: Title ==== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:43 +#, no-wrap +msgid "Listing Currently-Loaded Modules" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:46 +msgid "" +"indexterm:[kernel module,listing,currently loaded modules]indexterm:[kernel " +"module,utilities,lsmod]indexterm:[lsmod,kernel module] You can list all " +"kernel modules that are currently loaded into the kernel by running the " +"[command]#lsmod# command, for example:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:82 +#, no-wrap +msgid "" +"~]$ lsmod\n" +"Module Size Used by\n" +"tcp_lp 12663 0 \n" +"bnep 19704 2 \n" +"bluetooth 372662 7 bnep\n" +"rfkill 26536 3 bluetooth\n" +"fuse 87661 3 \n" +"ip6t_rpfilter 12546 1 \n" +"ip6t_REJECT 12939 2 \n" +"ipt_REJECT 12541 2 \n" +"xt_conntrack 12760 7 \n" +"ebtable_nat 12807 0 \n" +"ebtable_broute 12731 0 \n" +"bridge 110196 1 ebtable_broute\n" +"stp 12976 1 bridge\n" +"llc 14552 2 stp,bridge\n" +"ebtable_filter 12827 0 \n" +"ebtables 30913 3 ebtable_broute,ebtable_nat,ebtable_filter\n" +"ip6table_nat 13015 1 \n" +"nf_conntrack_ipv6 18738 5 \n" +"nf_defrag_ipv6 34651 1 nf_conntrack_ipv6\n" +"nf_nat_ipv6 13279 1 ip6table_nat\n" +"ip6table_mangle 12700 1 \n" +"ip6table_security 12710 1 \n" +"ip6table_raw 12683 1 \n" +"ip6table_filter 12815 1 \n" +"ip6_tables 27025 5 " +"ip6table_filter,ip6table_mangle,ip6table_security,ip6table_nat,ip6table_raw\n" +"iptable_nat 13011 1 \n" +"nf_conntrack_ipv4 14862 4 \n" +"nf_defrag_ipv4 12729 1 nf_conntrack_ipv4\n" +"nf_nat_ipv4 13263 1 iptable_nat\n" +"nf_nat 21798 4 " +"nf_nat_ipv4,nf_nat_ipv6,ip6table_nat,iptable_nat\n" +"[output truncated]\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:85 +msgid "Each row of [command]#lsmod# output specifies:" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:87 +msgid "the name of a kernel module currently loaded in memory;" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:89 +msgid "the amount of memory it uses; and," +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:91 +msgid "" +"the sum total of processes that are using the module and other modules which " +"depend on it, followed by a list of the names of those modules, if there are " +"any. Using this list, you can first unload all the modules depending the " +"module you want to unload. For more information, see " +"xref:Working_with_Kernel_Modules.adoc#sec-Unloading_a_Module[Unloading a " +"Module]." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:94 +msgid "" +"indexterm:[kernel module,files,/proc/modules] Finally, note that " +"[command]#lsmod# output is less verbose and considerably easier to read than " +"the content of the `/proc/modules` pseudo-file." +msgstr "" + +#. type: Title ==== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:96 +#, no-wrap +msgid "Displaying Information About a Module" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:99 +msgid "" +"indexterm:[kernel module,listing,module information]indexterm:[kernel " +"module,utilities,modinfo]indexterm:[modinfo,kernel module] You can display " +"detailed information about a kernel module by running the " +"[command]#modinfo{nbsp}pass:attributes[{blank}]_module_name_pass:attributes[{blank}]# " +"command." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:101 +#, no-wrap +msgid "Module names do not end in .ko" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:106 +msgid "" +"When entering the name of a kernel module as an argument to one of the " +"[application]*kmod* utilities, do not append a `.ko` extension to the end of " +"the name. Kernel module names do not have extensions; their corresponding " +"files do." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:110 +#, no-wrap +msgid "Listing information about a kernel module with lsmod" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:114 +msgid "" +"To display information about the `e1000e` module, which is the Intel " +"PRO/1000 network driver, run:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:145 +#, no-wrap +msgid "" +"~]# modinfo e1000e\n" +"filename: " +"/lib/modules/3.17.4-302.fc21.x86_64/kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko\n" +"version: 2.3.2-k\n" +"license: GPL\n" +"description: Intel(R) PRO/1000 Network Driver\n" +"author: Intel Corporation, \n" +"srcversion: 2FBED3F5E2EF40112284D95\n" +"alias: pci:v00008086d00001503sv*sd*bc*sc*i*\n" +"alias: pci:v00008086d00001502sv*sd*bc*sc*i*\n" +"[some alias lines omitted]\n" +"alias: pci:v00008086d0000105Esv*sd*bc*sc*i*\n" +"depends: ptp\n" +"intree: Y\n" +"vermagic: 3.17.4-302.fc21.x86_64 SMP mod_unload \n" +"signer: Fedora kernel signing key\n" +"sig_key: " +"1F:C9:E6:8F:74:19:55:63:48:FD:EE:2F:DE:B7:FF:9D:A6:33:7B:BF\n" +"sig_hashalgo: sha256\n" +"parm: debug:Debug level (0=none,...,16=all) (int)\n" +"parm: copybreak:Maximum size of packet that is copied to a new " +"buffer on receive (uint)\n" +"parm: TxIntDelay:Transmit Interrupt Delay (array of int)\n" +"parm: TxAbsIntDelay:Transmit Absolute Interrupt Delay (array of " +"int)\n" +"parm: RxIntDelay:Receive Interrupt Delay (array of int)\n" +"parm: RxAbsIntDelay:Receive Absolute Interrupt Delay (array of " +"int)\n" +"parm: InterruptThrottleRate:Interrupt Throttling Rate (array of " +"int)\n" +"parm: IntMode:Interrupt Mode (array of int)\n" +"parm: SmartPowerDownEnable:Enable PHY smart power down (array of " +"int)\n" +"parm: KumeranLockLoss:Enable Kumeran lock loss workaround (array " +"of int)\n" +"parm: WriteProtectNVM:Write-protect NVM [WARNING: disabling this " +"can lead to corrupted NVM] (array of int)\n" +"parm: CrcStripping:Enable CRC Stripping, disable if your BMC needs " +"the CRC (array of int)\n" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:150 +msgid "Here are descriptions of a few of the fields in [command]#modinfo# output:" +msgstr "" + +#. type: Labeled list +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:151 +#, no-wrap +msgid "filename" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:152 +msgid "" +"The absolute path to the `.ko` kernel object file. You can use " +"[command]#modinfo -n# as a shortcut command for printing only the `filename` " +"field." +msgstr "" + +#. type: Labeled list +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:153 +#, no-wrap +msgid "description" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:154 +msgid "" +"A short description of the module. You can use [command]#modinfo -d# as a " +"shortcut command for printing only the description field." +msgstr "" + +#. type: Labeled list +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:155 +#, no-wrap +msgid "alias" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:156 +msgid "" +"The `alias` field appears as many times as there are aliases for a module, " +"or is omitted entirely if there are none." +msgstr "" + +#. type: Labeled list +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:157 +#, no-wrap +msgid "depends" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:158 +msgid "" +"This field contains a comma-separated list of all the modules this module " +"depends on." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:160 +#, no-wrap +msgid "Omitting the depends field" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:165 +msgid "" +"If a module has no dependencies, the `depends` field may be omitted from the " +"output." +msgstr "" + +#. type: Labeled list +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:168 +#, no-wrap +msgid "parm" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:169 +msgid "" +"Each `parm` field presents one module parameter in the form " +"`pass:attributes[{blank}]_parameter_name_:pass:attributes[{blank}]_description_pass:attributes[{blank}]`, " +"where:" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:171 +msgid "" +"_parameter_name_ is the exact syntax you should use when using it as a " +"module parameter on the command line, or in an option line in a `.conf` file " +"in the `/etc/modprobe.d/` directory; and," +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:173 +msgid "" +"_description_ is a brief explanation of what the parameter does, along with " +"an expectation for the type of value the parameter accepts (such as `int`, " +"`unit` or `array of int`) in parentheses." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:175 +#, no-wrap +msgid "Listing module parameters" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:179 +msgid "" +"You can list all parameters that the module supports by using the " +"[option]`-p` option. However, because useful value type information is " +"omitted from [command]#modinfo -p# output, it is more useful to run:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:194 +#, no-wrap +msgid "" +"~]# modinfo e1000e | grep \"^parm\" | sort\n" +"parm: copybreak:Maximum size of packet that is copied to a new " +"buffer on receive (uint)\n" +"parm: CrcStripping:Enable CRC Stripping, disable if your BMC needs " +"the CRC (array of int)\n" +"parm: debug:Debug level (0=none,...,16=all) (int)\n" +"parm: InterruptThrottleRate:Interrupt Throttling Rate (array of " +"int)\n" +"parm: IntMode:Interrupt Mode (array of int)\n" +"parm: KumeranLockLoss:Enable Kumeran lock loss workaround (array " +"of int)\n" +"parm: RxAbsIntDelay:Receive Absolute Interrupt Delay (array of " +"int)\n" +"parm: RxIntDelay:Receive Interrupt Delay (array of int)\n" +"parm: SmartPowerDownEnable:Enable PHY smart power down (array of " +"int)\n" +"parm: TxAbsIntDelay:Transmit Absolute Interrupt Delay (array of " +"int)\n" +"parm: TxIntDelay:Transmit Interrupt Delay (array of int)\n" +"parm: WriteProtectNVM:Write-protect NVM [WARNING: disabling this " +"can lead to corrupted NVM] (array of int)\n" +msgstr "" + +#. type: Title ==== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:199 +#, no-wrap +msgid "Loading a Module" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:202 +msgid "" +"indexterm:[kernel module,loading,for the current session]indexterm:[kernel " +"module,utilities,modprobe]indexterm:[modprobe,kernel module] To load a " +"kernel module, run [command]#modprobe _module_name_pass:attributes[{blank}]# " +"as `root`. For example, to load the `wacom` module, run:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:205 +#, no-wrap +msgid "~]# modprobe wacom\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:209 +msgid "" +"indexterm:[kernel " +"module,directories,/lib/modules/kernel_version/kernel/drivers/] By default, " +"[command]#modprobe# attempts to load the module from " +"`/lib/modules/pass:attributes[{blank}]_kernel_version_pass:attributes[{blank}]/kernel/drivers/`. " +"In this directory, each type of module has its own subdirectory, such as " +"`net/` and `scsi/`, for network and SCSI interface drivers respectively." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:211 +msgid "" +"Some modules have dependencies, which are other kernel modules that must be " +"loaded before the module in question can be loaded. The [command]#modprobe# " +"command always takes dependencies into account when performing " +"operations. When you ask [command]#modprobe# to load a specific kernel " +"module, it first examines the dependencies of that module, if there are any, " +"and loads them if they are not already loaded into the " +"kernel. [command]#modprobe# resolves dependencies recursively: it will load " +"all dependencies of dependencies, and so on, if necessary, thus ensuring " +"that all dependencies are always met." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:213 +msgid "" +"You can use the [option]`-v` (or [option]`--verbose`) option to cause " +"[command]#modprobe# to display detailed information about what it is doing, " +"which can include loading module dependencies." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:215 +#, no-wrap +msgid "modprobe -v shows module dependencies as they are loaded" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:219 +msgid "" +"You can load the `Fibre Channel over Ethernet` module verbosely by typing " +"the following at a shell prompt:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:226 +#, no-wrap +msgid "" +"~]# modprobe -v fcoe\n" +"insmod " +"/lib/modules/3.17.4-302.fc21.x86_64/kernel/drivers/scsi/scsi_transport_fc.ko.xz " +"\n" +"insmod " +"/lib/modules/3.17.4-302.fc21.x86_64/kernel/drivers/scsi/libfc/libfc.ko.xz \n" +"insmod " +"/lib/modules/3.17.4-302.fc21.x86_64/kernel/drivers/scsi/fcoe/libfcoe.ko.xz " +"\n" +"insmod " +"/lib/modules/3.17.4-302.fc21.x86_64/kernel/drivers/scsi/fcoe/fcoe.ko.xz\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:229 +msgid "" +"In this example, you can see that [command]#modprobe# loaded the `scsi_tgt`, " +"`scsi_transport_fc`, `libfc` and `libfcoe` modules as dependencies before " +"finally loading `fcoe`. Also note that [command]#modprobe# used the more " +"primitive [command]#insmod# command to insert the modules into the running " +"kernel." +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:232 +msgid "indexterm:[kernel module,utilities,insmod]indexterm:[insmod,kernel module]" +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:234 +#, no-wrap +msgid "Always use modprobe instead of insmod!" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:239 +msgid "" +"Although the [command]#insmod# command can also be used to load kernel " +"modules, it does not resolve dependencies. Because of this, you should " +"*always* load modules using [command]#modprobe# instead." +msgstr "" + +#. type: Title ==== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:243 +#, no-wrap +msgid "Unloading a Module" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:246 +msgid "" +"indexterm:[kernel module,unloading]indexterm:[kernel " +"module,utilities,modprobe]indexterm:[modprobe,kernel module] You can unload " +"a kernel module by running [command]#modprobe -r " +"_module_name_pass:attributes[{blank}]# as `root`. For example, assuming that " +"the `wacom` module is already loaded into the kernel, you can unload it by " +"running:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:249 +#, no-wrap +msgid "~]# modprobe -r wacom\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:253 +msgid "However, this command will fail if a process is using:" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:255 +msgid "the `wacom` module;" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:257 +msgid "a module that `wacom` directly depends on, or;" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:259 +msgid "any module that `wacom`, through the dependency tree, depends on indirectly." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:261 +msgid "" +"See " +"xref:Working_with_Kernel_Modules.adoc#sec-Listing_Currently-Loaded_Modules[Listing " +"Currently-Loaded Modules] for more information about using [command]#lsmod# " +"to obtain the names of the modules which are preventing you from unloading a " +"certain module." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:263 +#, no-wrap +msgid "Unloading a kernel module" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:267 +msgid "" +"For example, if you want to unload the `firewire_ohci` module, your terminal " +"session might look similar to this:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:274 +#, no-wrap +msgid "" +"~]# modinfo -F depends firewire_ohci\n" +"firewire-core\n" +"~]# modinfo -F depends firewire_core\n" +"crc-itu-t\n" +"~]# modinfo -F depends crc-itu-t\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:278 +msgid "" +"You have figured out the dependency tree (which does not branch in this " +"example) for the loaded Firewire modules: `firewire_ohci` depends on " +"`firewire_core`, which itself depends on `crc-itu-t`." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:280 +msgid "" +"You can unload `firewire_ohci` using the [command]#modprobe -v -r " +"_module_name_pass:attributes[{blank}]# command, where [option]`-r` is short " +"for [option]`--remove` and [option]`-v` for [option]`--verbose`:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:286 +#, no-wrap +msgid "" +"~]# modprobe -r -v firewire_ohci\n" +"rmmod firewire_ohci\n" +"rmmod firewire_core\n" +"rmmod crc_itu_t\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:289 +msgid "" +"The output shows that modules are unloaded in the reverse order that they " +"are loaded, given that no processes depend on any of the modules being " +"unloaded." +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:292 +msgid "indexterm:[kernel module,utilities,rmmod]indexterm:[rmmod,kernel module]" +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:294 +#, no-wrap +msgid "Do not use rmmod directly!" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:299 +msgid "" +"Although the [command]#rmmod# command can be used to unload kernel modules, " +"it is recommended to use [command]#modprobe -r# instead." +msgstr "" + +#. type: Title ==== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:303 +#, no-wrap +msgid "Setting Module Parameters" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:306 +msgid "" +"indexterm:[module parameters,kernel module]indexterm:[kernel module,module " +"parameters,supplying] Like the kernel itself, modules can also take " +"parameters that change their behavior. Most of the time, the default ones " +"work well, but occasionally it is necessary or desirable to set custom " +"parameters for a module. Because parameters cannot be dynamically set for a " +"module that is already loaded into a running kernel, there are two different " +"methods for setting them." +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:308 +msgid "" +"You can unload all dependencies of the module you want to set parameters " +"for, unload the module using [command]#modprobe -r#, and then load it with " +"[command]#modprobe# along with a list of customized parameters. This method " +"is often used when the module does not have many dependencies, or to test " +"different combinations of parameters without making them persistent, and is " +"the method covered in this section." +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:310 +msgid "" +"Alternatively, you can list the new parameters in an existing or newly " +"created file in the `/etc/modprobe.d/` directory. This method makes the " +"module parameters persistent by ensuring that they are set each time the " +"module is loaded, such as after every reboot or [command]#modprobe# " +"command. This method is covered in " +"xref:Working_with_Kernel_Modules.adoc#sec-Persistent_Module_Loading[Persistent " +"Module Loading], though the following information is a prerequisite." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:312 +#, no-wrap +msgid "Supplying optional parameters when loading a kernel module" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:316 +msgid "" +"You can use [command]#modprobe# to load a kernel module with custom " +"parameters using the following command line format:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:320 +#, no-wrap +msgid "~]#{nbsp}modprobe{nbsp}module_name{nbsp}parameter=value \n" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:326 +msgid "" +"When loading a module with custom parameters on the command line, be aware " +"of the following:" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:328 +msgid "You can enter multiple parameters and values by separating them with spaces." +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:330 +msgid "" +"Some module parameters expect a list of comma-separated values as their " +"argument. When entering the list of values, do *not* insert a space after " +"each comma, or [command]#modprobe# will incorrectly interpret the values " +"following spaces as additional parameters." +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:332 +msgid "" +"The [command]#modprobe# command silently succeeds with an exit status of 0 " +"if:" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:334 +msgid "it successfully loads the module, *or*" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:336 +msgid "the module is *already* loaded into the kernel." +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:338 +msgid "" +"Thus, you must ensure that the module is not already loaded before " +"attempting to load it with custom parameters. The [command]#modprobe# " +"command does not automatically reload the module, or alert you that it is " +"already loaded." +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:340 +msgid "" +"Here are the recommended steps for setting custom parameters and then " +"loading a kernel module. This procedure illustrates the steps using the " +"`e1000e` module, which is the network driver for Intel PRO/1000 network " +"adapters, as an example:" +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:342 +#, no-wrap +msgid "Loading a Kernel Module with Custom Parameters" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:344 +msgid "First, ensure the module is not already loaded into the kernel:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:349 +#, no-wrap +msgid "" +"~]#{nbsp}lsmod |grep e1000e\n" +"~]#{nbsp}\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:352 +msgid "" +"Output would indicate that the module is already loaded into the kernel, in " +"which case you must first unload it before proceeding. See " +"xref:Working_with_Kernel_Modules.adoc#sec-Unloading_a_Module[Unloading a " +"Module] for instructions on safely unloading it." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:354 +msgid "" +"Load the module and list all custom parameters after the module name. For " +"example, if you wanted to load the Intel PRO/1000 network driver with the " +"interrupt throttle rate set to 3000 interrupts per second for the first, " +"second, and third instances of the driver, and turn on debug, you would run, " +"as `root`:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:358 +#, no-wrap +msgid "~]#{nbsp}modprobe e1000e InterruptThrottleRate=3000,3000,3000 debug=1\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:362 +msgid "" +"This example illustrates passing multiple values to a single parameter by " +"separating them with commas and omitting any spaces between them." +msgstr "" + +#. type: Title ==== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:364 +#, no-wrap +msgid "Persistent Module Loading" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:367 +msgid "" +"indexterm:[kernel module,loading,at the boot time]indexterm:[kernel " +"module,directories,/etc/modules-load.d/] As shown in " +"xref:Working_with_Kernel_Modules.adoc#ex-Listing_information_about_a_kernel_module_with_lsmod[Listing " +"information about a kernel module with lsmod], many kernel modules are " +"loaded automatically at boot time. You can specify additional modules to be " +"loaded by the `systemd-modules-load.service` daemon by creating a " +"`pass:attributes[{blank}]_program_.conf` file in the `/etc/modules-load.d/` " +"directory, where _program_ is any descriptive name of your choice. The files " +"in `/etc/modules-load.d/` are text files that list the modules to be loaded, " +"one per line." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:369 +#, no-wrap +msgid "A Text File to Load a Module" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:373 +msgid "" +"To create a file to load the `virtio-net.ko` module, create a file " +"`/etc/modules-load.d/virtio-net.conf` with the following content:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:377 +#, no-wrap +msgid "" +"# Load virtio-net.ko at boot\n" +"virtio-net\n" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:382 +msgid "" +"See the `modules-load.d(5)` and `systemd-modules-load.service(8)` man pages " +"for more information." +msgstr "" + +#. type: Title ==== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:384 +#, no-wrap +msgid "Signing Kernel Modules for Secure Boot" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:387 +msgid "" +"Fedora includes support for the UEFI Secure Boot feature, which means that " +"Fedora can be installed and run on systems where UEFI Secure Boot is " +"enabled. footnote:[Fedora does not require the use of Secure Boot on UEFI " +"systems.] When Secure Boot is enabled, the EFI operating system boot " +"loaders, the Fedora kernel, and all kernel modules must be signed with a " +"private key and authenticated with the corresponding public key. The Fedora " +"distribution includes signed boot loaders, signed kernels, and signed kernel " +"modules. In addition, the signed first-stage boot loader and the signed " +"kernel include embedded Fedora public keys. These signed executable binaries " +"and embedded keys enable Fedora to install, boot, and run with the Microsoft " +"UEFI Secure Boot CA keys that are provided by the UEFI firmware on systems " +"that support UEFI Secure Boot.footnote:[Not all UEFI-based systems include " +"support for Secure Boot.]" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:389 +msgid "" +"The information provided in the following sections describes steps necessary " +"to enable you to self-sign privately built kernel modules for use with " +"Fedora on UEFI-based systems where Secure Boot is enabled. These sections " +"also provide an overview of available options for getting your public key " +"onto the target system where you want to deploy your kernel module." +msgstr "" + +#. type: Title ===== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:391 +#, no-wrap +msgid "Prerequisites" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:394 +msgid "" +"In order to enable signing of externally built modules, the tools listed in " +"the following table are required to be installed on the system." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:396 +#, no-wrap +msgid "Required Tools" +msgstr "" + +#. type: Table +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:406 +#, no-wrap +msgid "" +"|Tool|Provided by Package|Used on|Purpose\n" +"|[command]#openssl#|[package]*openssl*|Build system|Generates public and " +"private X.509 key pair\n" +"|[command]#sign-file#|[package]*kernel-devel*|Build system|Perl script used " +"to sign kernel modules\n" +"|[command]#perl#|[package]*perl*|Build system|Perl interpreter used to run " +"the signing script\n" +"|[command]#mokutil#|[package]*mokutil*|Target system|Optional tool used to " +"manually enroll the public key\n" +"|[command]#keyctl#|[package]*keyutils*|Target system|Optional tool used to " +"display public keys in the system key ring\n" +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:412 +msgid "" +"Note that the build system, where you build and sign your kernel module, " +"does not need to have UEFI Secure Boot enabled and does not even need to be " +"a UEFI-based system." +msgstr "" + +#. type: Title ===== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:416 +#, no-wrap +msgid "Kernel Module Authentication" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:419 +msgid "" +"In Fedora, when a kernel module is loaded, the module's signature is checked " +"using the public X.509 keys on the kernel's system key ring, excluding those " +"keys that are on the kernel's system black list key ring." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:422 +msgid "====== Sources For Public Keys Used To Authenticate Kernel Modules" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:424 +msgid "" +"During boot, the kernel loads X.509 keys into the system key ring or the " +"system black list key ring from a set of persistent key stores as shown in " +"xref:Working_with_Kernel_Modules.adoc#table-sources-for-system-key-rings[Sources " +"For System Key Rings]" +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:426 +#, no-wrap +msgid "Sources For System Key Rings" +msgstr "" + +#. type: Table +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:440 +#, no-wrap +msgid "" +"|Source of X.509 Keys|User Ability to Add Keys|UEFI Secure Boot State|Keys " +"Loaded During Boot\n" +"|Embedded in kernel|No|-|`.system_keyring`\n" +"|UEFI Secure Boot \"db\"|Limited|Not enabled|No\n" +"|Enabled|`.system_keyring`\n" +"|UEFI Secure Boot \"dbx\"|Limited|Not enabled|No\n" +"|Enabled|`.system_keyring`\n" +"|Embedded in `shim.efi` boot loader|No|Not enabled|No\n" +"|Enabled|`.system_keyring`\n" +"|Machine Owner Key (MOK) list|Yes|Not enabled|No\n" +"|Enabled|`.system_keyring`\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:443 +msgid "" +"Note that if the system is not UEFI-based or if UEFI Secure Boot is not " +"enabled, then only the keys that are embedded in the kernel are loaded onto " +"the system key ring and you have no ability to augment that set of keys " +"without rebuilding the kernel. The system black list key ring is a list of " +"X.509 keys which have been revoked. If your module is signed by a key on the " +"black list then it will fail authentication even if your public key is in " +"the system key ring." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:445 +msgid "To confirm if Secure Boot is enabled, enter a command as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:450 +#, no-wrap +msgid "" +"~]$ [command]#mokutil --sb-state#\n" +"SecureBoot enabled\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:453 +msgid "" +"If Secure Boot is not enabled then the message `Failed to read SecureBoot` " +"is displayed." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:455 +msgid "" +"You can display information about the keys on the system key rings using the " +"[command]#keyctl# utility. The following is abbreviated example output from " +"a Fedora system where UEFI Secure Boot is not enabled." +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:461 +#, no-wrap +msgid "" +"~]#{nbsp}keyctl list %:.system_keyring\n" +"1 key in keyring:\n" +"265061799: ---lswrv 0 0 asymmetric: Fedora kernel signing key: " +"ba8e2919f98f3f8e2e27541cde0d1f...\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:464 +msgid "" +"The following is abbreviated example output from a Fedora system where UEFI " +"Secure Boot is enabled." +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:474 +#, no-wrap +msgid "" +"~]#{nbsp}keyctl list %:.system_keyring\n" +" 5 keys in keyring:\n" +" ...asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c497...\n" +" ...asymmetric: Fedora kernel signing key: ba8e2919f98f3f8e2e27541cde0d...\n" +" ...asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4...\n" +" ...asymmetric: Red Hat Test Certifying CA: 08a0ef5800cb02fb587c12b4032...\n" +" ...asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8...\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:477 +msgid "" +"The above output shows the addition of two keys from the UEFI Secure Boot " +"\"db\" keys plus the `Fedora Secure Boot CA` which is embedded in the " +"`shim.efi` boot loader." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:480 +msgid "====== Kernel Module Authentication Requirements" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:482 +msgid "" +"If UEFI Secure Boot is enabled or if the [option]`module.sig_enforce` kernel " +"parameter has been specified, then only signed kernel modules that are " +"authenticated using a key on the system key ring can be successfully " +"loaded.footnote:[Provided that the public key is not on the system black " +"list key ring.] If UEFI Secure Boot is disabled and if the " +"[option]`module.sig_enforce` kernel parameter has not been specified, then " +"unsigned kernel modules and signed kernel modules without a public key can " +"be successfully loaded. This is summarized in " +"xref:Working_with_Kernel_Modules.adoc#table-kernel-module-authentication-requirements-for-loading[Kernel " +"Module Authentication Requirements for Loading]." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:484 +#, no-wrap +msgid "Kernel Module Authentication Requirements for Loading" +msgstr "" + +#. type: Table +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:498 +#, no-wrap +msgid "" +"|Module Signed|Public Key Found and Signature Valid|UEFI Secure Boot " +"State|module.sig_enforce|Module Load|Kernel Tainted\n" +"|Unsigned|-|Not enabled|Not enabled|Succeeds|Yes\n" +"|Not enabled|Enabled|Fails|\n" +"|Enabled|-|Fails|-\n" +"|Signed|No|Not enabled|Not enabled|Succeeds|Yes\n" +"|Not enabled|Enabled|Fails|-\n" +"|Enabled|-|Fails|-\n" +"|Signed|Yes|Not enabled|Not enabled|Succeeds|No\n" +"|Not enabled|Enabled|Succeeds|No\n" +"|Enabled|-|Succeeds|No\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:501 +msgid "" +"Subsequent sections will describe how to generate a public and private X.509 " +"key pair, how to use the private key to sign a kernel module, and how to " +"enroll the public key into a source for the system key ring." +msgstr "" + +#. type: Title ===== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:503 +#, no-wrap +msgid "Generating a Public and Private X.509 Key Pair" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:506 +msgid "" +"You need to generate a public and private X.509 key pair that will be used " +"to sign a kernel module after it has been built. The corresponding public " +"key will be used to authenticate the kernel module when it is loaded." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:508 +msgid "" +"The [command]#openssl# tool can be used to generate a key pair that " +"satisfies the requirements for kernel module signing in Fedora. Some of the " +"parameters for this key generation request are best specified with a " +"configuration file; follow the example below to create your own " +"configuration file." +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:518 +#, no-wrap +msgid "" +"~]#{nbsp}cat << EOF > configuration_file.config\n" +"[ req ]\n" +"default_bits = 4096\n" +"distinguished_name = req_distinguished_name\n" +"prompt = no\n" +"string_mask = utf8only\n" +"x509_extensions = myexts\n" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:523 +#, no-wrap +msgid "" +"[ req_distinguished_name ]\n" +"O = pass:quotes[_Organization_]\n" +"CN = pass:quotes[_Organization signing key_]\n" +"emailAddress = pass:quotes[_E-mail address_]\n" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:530 +#, no-wrap +msgid "" +"[ myexts ]\n" +"basicConstraints=critical,CA:FALSE\n" +"keyUsage=digitalSignature\n" +"subjectKeyIdentifier=hash\n" +"authorityKeyIdentifier=keyid\n" +"EOF\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:533 +msgid "" +"After you have created the configuration file, you can create an X.509 " +"public and private key pair. The public key will be written to the " +"`pass:attributes[{blank}]_public_key_.der` file and the private key will be " +"written to the `pass:attributes[{blank}]_private_key_.priv` file." +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:540 +#, no-wrap +msgid "" +"~]#{nbsp}openssl req -x509 -new -nodes -utf8 -sha256 -days 36500 \\\n" +"> -batch -config configuration_file.config -outform DER \\\n" +"> -out public_key.der \\\n" +"> -keyout private_key.priv\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:543 +msgid "" +"Enroll your public key on all systems where you want to authenticate and " +"load your kernel module." +msgstr "" + +#. type: delimited block = +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:548 +msgid "" +"Take proper care to guard the contents of your private key. In the wrong " +"hands, the key could be used to compromise any system which has your public " +"key." +msgstr "" + +#. type: Title ===== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:552 +#, no-wrap +msgid "Enrolling Public Key on Target System" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:555 +msgid "" +"When Fedora boots on a UEFI-based system with Secure Boot enabled, all keys " +"that are in the Secure Boot db key database, but not in the dbx database of " +"revoked keys, are loaded onto the system keyring by the kernel. The system " +"keyring is used to authenticate kernel modules." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:558 +msgid "====== Factory Firmware Image Including Public Key" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:560 +msgid "" +"To facilitate authentication of your kernel module on your systems, consider " +"requesting your system vendor to incorporate your public key into the UEFI " +"Secure Boot key database in their factory firmware image." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:563 +msgid "====== Executable Key Enrollment Image Adding Public Key" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:565 +msgid "" +"It is possible to add a key to an existing populated and active Secure Boot " +"key database. This can be done by writing and providing an EFI executable " +"*enrollment* image. Such an enrollment image contains a properly formed " +"request to append a key to the Secure Boot key database. This request must " +"include data that is properly signed by the private key that corresponds to " +"a public key that is already in the system's Secure Boot Key Exchange Key " +"(KEK) database. Additionally, this EFI image must be signed by a private key " +"that corresponds to a public key that is already in the key database." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:567 +msgid "" +"It is also possible to write an enrollment image that runs under " +"Fedora. However, the Fedora image must be properly signed by a private key " +"that corresponds to a public key that is already in the KEK database." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:569 +msgid "" +"The construction of either type of key enrollment images requires assistance " +"from the platform vendor." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:572 +msgid "====== System Administrator Manually Adding Public Key to the MOK List" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:574 +msgid "" +"The Machine Owner Key (MOK) facility is a feature that is supported by " +"Fedora and can be used to augment the UEFI Secure Boot key database. When " +"Fedora boots on a UEFI-enabled system with Secure Boot enabled, the keys on " +"the MOK list are also added to the system keyring in addition to the keys " +"from the key database. The MOK list keys are also stored persistently and " +"securely in the same fashion as the Secure Boot key database keys, but these " +"are two separate facilities. The MOK facility is supported by shim.efi, " +"MokManager.efi, grubx64.efi, and the Fedora [command]#mokutil# utility." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:576 +msgid "" +"The major capability provided by the MOK facility is the ability to add " +"public keys to the MOK list without needing to have the key chain back to " +"another key that is already in the KEK database. However, enrolling a MOK " +"key requires manual interaction by a *physically present* user at the UEFI " +"system console on each target system. Nevertheless, the MOK facility " +"provides an excellent method for testing newly generated key pairs and " +"testing kernel modules signed with them." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:578 +msgid "Follow these steps to add your public key to the MOK list:" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:580 +msgid "" +"Request addition of your public key to the MOK list using a Fedora userspace " +"utility:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:584 +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:635 +#, no-wrap +msgid "~]#{nbsp}mokutil --import my_signing_key_pub.der\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:587 +msgid "" +"You will be asked to enter and confirm a password for this MOK enrollment " +"request." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:589 +msgid "Reboot the machine." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:591 +msgid "" +"The pending MOK key enrollment request will be noticed by `shim.efi` and it " +"will launch `MokManager.efi` to allow you to complete the enrollment from " +"the UEFI console. You will need to enter the password you previously " +"associated with this request and confirm the enrollment. Your public key is " +"added to the MOK list, which is persistent." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:593 +msgid "" +"Once a key is on the MOK list, it will be automatically propagated to the " +"system key ring on this and subsequent boots when UEFI Secure Boot is " +"enabled." +msgstr "" + +#. type: Title ===== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:595 +#, no-wrap +msgid "Signing Kernel Module with the Private Key" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:598 +msgid "" +"There are no extra steps required to prepare your kernel module for " +"signing. You build your kernel module normally. Assuming an appropriate " +"Makefile and corresponding sources, follow these steps to build your module " +"and sign it:" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:600 +msgid "Build your `my_module.ko` module the standard way:" +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:604 +#, no-wrap +msgid "~]#{nbsp}make -C /usr/src/kernels/$(uname -r) M=$PWD modules\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:607 +msgid "" +"Sign your kernel module with your private key. This is done with a Perl " +"script. Note that the script requires that you provide both the files that " +"contain your private and the public key as well as the kernel module file " +"that you want to sign." +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:615 +#, no-wrap +msgid "" +"~]#{nbsp}perl /usr/src/kernels/$(uname -r)/scripts/sign-file \\\n" +"> sha256 \\\n" +"> my_signing_key.priv \\\n" +"> my_signing_key_pub.der \\\n" +"> my_module.ko\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:618 +msgid "" +"Your kernel module is in ELF image format and this script computes and " +"appends the signature directly to the ELF image in your `my_module.ko` " +"file. The [command]#modinfo# utility can be used to display information " +"about the kernel module's signature, if it is present. For information on " +"using the utility, see " +"xref:Working_with_Kernel_Modules.adoc#sec-Displaying_Information_About_a_Module[Displaying " +"Information About a Module]." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:620 +msgid "" +"Note that this appended signature is not contained in an ELF image section " +"and is not a formal part of the ELF image. Therefore, tools such as " +"[command]#readelf# will not be able to display the signature on your kernel " +"module." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:622 +msgid "" +"Your kernel module is now ready for loading. Note that your signed kernel " +"module is also loadable on systems where UEFI Secure Boot is disabled or on " +"a non-UEFI system. That means you do not need to provide both a signed and " +"unsigned version of your kernel module." +msgstr "" + +#. type: Title ===== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:624 +#, no-wrap +msgid "Loading Signed Kernel Module" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:627 +msgid "" +"Once your public key is enrolled and is in the system keyring, the normal " +"kernel module loading mechanisms will work transparently. In the following " +"example, you will use [command]#mokutil# to add your public key to the MOK " +"list and you will manually load your kernel module with [command]#modprobe#." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:629 +msgid "" +"Optionally, you can verify that your kernel module will not load before you " +"have enrolled your public key. First, verify what keys have been added to " +"the system key ring on the current boot by running the [command]#keyctl list " +"%:.system_keyring# as root. Since your public key has not been enrolled yet, " +"it should not be displayed in the output of the command." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:631 +msgid "Request enrollment of your public key." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:638 +msgid "Reboot, and complete the enrollment at the UEFI console." +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:642 +#, no-wrap +msgid "~]#{nbsp}reboot\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:645 +msgid "After the system reboots, verify the keys on the system key ring again." +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:649 +#, no-wrap +msgid "~]#{nbsp}keyctl list %:.system_keyring\n" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:652 +msgid "You should now be able to load your kernel module successfully." +msgstr "" + +#. type: delimited block - +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:659 +#, no-wrap +msgid "" +"~]#{nbsp}modprobe -v my_module\n" +"insmod " +"/lib/modules/3.17.4-302.fc21.x86_64/extra/pass:quotes[_my_module_].ko\n" +"~]#{nbsp}lsmod | grep my_module\n" +"pass:quotes[_my_module_] 12425 0\n" +msgstr "" + +#. type: Title ==== +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:662 +#, no-wrap +msgid "Additional Resources" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:665 +msgid "" +"For more information on kernel modules and their utilities, see the " +"following resources." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:666 +#, no-wrap +msgid "Manual Page Documentation" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:669 +msgid "`lsmod(8)` — The manual page for the [command]#lsmod# command." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:671 +msgid "`modinfo(8)` — The manual page for the [command]#modinfo# command." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:673 +msgid "`modprobe(8)` — The manual page for the [command]#modprobe# command." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:675 +msgid "`rmmod(8)` — The manual page for the [command]#rmmod# command." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:677 +msgid "`ethtool(8)` — The manual page for the [command]#ethtool# command." +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:679 +msgid "`mii-tool(8)` — The manual page for the [command]#mii-tool# command." +msgstr "" + +#. type: Block title +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:680 +#, no-wrap +msgid "Installable and External Documentation" +msgstr "" + +#. type: Plain text +#: ./pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc:682 +msgid "" +"link:++http://tldp.org/HOWTO/Module-HOWTO/++[Linux Loadable Kernel Module " +"HOWTO] — The [citetitle]_Linux Loadable Kernel Module HOWTO_ from the Linux " +"Documentation Project contains further information on working with kernel " +"modules." +msgstr ""