In order to backup a UEFI-enabled system where Secure Boot is enabled, the R1Soft public key must be added to the MOK (Machine Owner Keys) list, and enrolled on the system. If this step is not taken, the backup agent will be unable to load the kernel module.
The following error may be present when an attempt is made to load the module:
{code}ERROR: could not insert module /lib/modules/r1soft/hcpdriver.o: Required key not available{code}
h2. {color:#000000}{*}Solution{*}{color}
----
{note}This procedure will require the protected machine to be rebooted twice. Please plan accordingly to avoid unplanned interruptions.{note}
*1. Download the R1Soft / ConnectWise public key from the R1Soft Beta repository,* *[here|http://beta.r1soft.com/modules/Secureboot/]**.*
*2. Add the public key to the MOK list:*
{code}
# mokutil --import hcp_driver_cert.pub
{code}
{color:#172b4d}{*}Enter a password for the key entry into the MOK list. Remember this password as it is needed after the system is rebooted to enroll the key.*{color}
{color:#172b4d}{*}3. Reboot the machine{*}{color}
{color:#172b4d}{*}4. The *{color}{color:#172b4d}{*}UEFI key management prompt is shown on boot.*{color} "{color:#172b4d}{*}Press any key to perform MOK management"*{color}{color:#172b4d}*.*{color}
{color:#172b4d}{*}You will have 9 seconds to press a key. If a key is not pressed within the time limit, Steps 2 and 3 must be repeated to import the key into the MOK list.*{color}
!StartMOK.png|border=1!
{color:#172b4d}{*}5.*{color} {color:#172b4d}{*}{_}Perform MOK management{_}{*}{color} {color:#172b4d}*\- Select "*{color}{color:#172b4d}{*}{+}Enroll MOK{+}{*}{color}{color:#172b4d}*"*{color}
!EnrollMOK.png|border=1!
{color:#172b4d}{*}6.*{color} {color:#172b4d}{*}{_}Enroll MOK{_}{*}{color} {color:#172b4d}*\- Select "*{color}{color:#172b4d}{*}{+}Continue{+}{*}{color}{color:#172b4d}*"*{color}
!ViewKey.png|border=1!
{color:#172b4d}{*}7.*{color} {color:#172b4d}{*}{_}Enroll the key(s)?_{*}{color} {color:#172b4d}*\- Select "*{color}{color:#172b4d}{*}{+}Yes{+}{*}{color}{color:#172b4d}*"*{color}
*Enter the password that you used in Step 2 to proceed with the key enrollment.*
!ConfirmEnrollment.png|border=1!
!EnterPassword.png|border=1!
*8.* *{_}Perform MOK Management{_}* *\- Select "*{*}{+}Reboot{+}{*}*" to reboot the machine*
!Reboot.png|border=1!
*9. After the machine is rebooted, you may verify the key has been added with the following command :*
{code}# keyctl list %:.platform
or
# mokutil --list-enrolled | grep -i connectwise{code}
{kb-related-articles}
The following error may be present when an attempt is made to load the module:
{code}ERROR: could not insert module /lib/modules/r1soft/hcpdriver.o: Required key not available{code}
h2. {color:#000000}{*}Solution{*}{color}
----
{note}This procedure will require the protected machine to be rebooted twice. Please plan accordingly to avoid unplanned interruptions.{note}
*1. Download the R1Soft / ConnectWise public key from the R1Soft Beta repository,* *[here|http://beta.r1soft.com/modules/Secureboot/]**.*
*2. Add the public key to the MOK list:*
{code}
# mokutil --import hcp_driver_cert.pub
{code}
{color:#172b4d}{*}Enter a password for the key entry into the MOK list. Remember this password as it is needed after the system is rebooted to enroll the key.*{color}
{color:#172b4d}{*}3. Reboot the machine{*}{color}
{color:#172b4d}{*}4. The *{color}{color:#172b4d}{*}UEFI key management prompt is shown on boot.*{color} "{color:#172b4d}{*}Press any key to perform MOK management"*{color}{color:#172b4d}*.*{color}
{color:#172b4d}{*}You will have 9 seconds to press a key. If a key is not pressed within the time limit, Steps 2 and 3 must be repeated to import the key into the MOK list.*{color}
!StartMOK.png|border=1!
{color:#172b4d}{*}5.*{color} {color:#172b4d}{*}{_}Perform MOK management{_}{*}{color} {color:#172b4d}*\- Select "*{color}{color:#172b4d}{*}{+}Enroll MOK{+}{*}{color}{color:#172b4d}*"*{color}
!EnrollMOK.png|border=1!
{color:#172b4d}{*}6.*{color} {color:#172b4d}{*}{_}Enroll MOK{_}{*}{color} {color:#172b4d}*\- Select "*{color}{color:#172b4d}{*}{+}Continue{+}{*}{color}{color:#172b4d}*"*{color}
!ViewKey.png|border=1!
{color:#172b4d}{*}7.*{color} {color:#172b4d}{*}{_}Enroll the key(s)?_{*}{color} {color:#172b4d}*\- Select "*{color}{color:#172b4d}{*}{+}Yes{+}{*}{color}{color:#172b4d}*"*{color}
*Enter the password that you used in Step 2 to proceed with the key enrollment.*
!ConfirmEnrollment.png|border=1!
!EnterPassword.png|border=1!
*8.* *{_}Perform MOK Management{_}* *\- Select "*{*}{+}Reboot{+}{*}*" to reboot the machine*
!Reboot.png|border=1!
*9. After the machine is rebooted, you may verify the key has been added with the following command :*
{code}# keyctl list %:.platform
or
# mokutil --list-enrolled | grep -i connectwise{code}
{kb-related-articles}