Convey secure boot specific considerations (#177)

Author: bbyykk

lkmpg.tex

@@ -174,6 +174,24 @@ \subsection{Before We Begin}
         You will not see it unless you look through your \sh|journalctl| .
         See \ref{sec:helloworld} for details.
         To have immediate access to this information, do all your work from the console.
+  \item SecureBoot.
+        Many contemporary computers are pre-configured with UEFI SecureBoot enabled.
+        It is a security standard that can make sure the device boots using only software that is trusted by original equipment manufacturer.
+        The default Linux kernel from some distributions have also enabled the SecureBoot.
+        For such distributions, the kernel module has to be signed with the security key or you would get the "\emph{ERROR: could not insert module}" when you insert your first hello world module:
+
+\begin{codebash}
+insmod ./hello-1.ko
+\end{codebash}
+        And then you can check further with \sh|dmesg| and see the following text:
+
+           \emph{Lockdown: insmod: unsigned module loading is restricted;
+                 see man kernel lockdown.7}
+
+        If you got this message, the simplest way is to disable the UEFI SecureBoot from the PC/laptop boot menu to have your "hello-1" to be inserted.
+        Of course you can go through complicated steps to generate keys, install keys to your system, and finally sign your module to make it work.
+        However, this is not suitable for beginners.
+        You could read and follow the steps in \href{https://wiki.debian.org/SecureBoot}{SecureBoot} if you are interested.
 \end{enumerate}
 
 \section{Headers}