[Pkg-dkms-maint] Interested in joining the dkms team?
Aron Xu
aron at debian.org
Fri Apr 29 08:44:21 UTC 2016
[Cutting the long CC list]
Hi,
On Fri, Apr 29, 2016 at 3:02 PM, Gianfranco Costamagna
<locutusofborg at debian.org> wrote:
> Hi, sorry for the little OT.
>
> I have really little knowledge in dkms, even if I try to maintain virtualbox-*-dkms packages
>
> Unfortunately Ubuntu started requiring signed kernel modules for xenial (I think), and this is
> preventing many packages from correctly working (including virtualbox)
>
> https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1574300
> do you plan to implement something in dkms side for module signature?
>
> (note: I didn't dig too much in this issue)
I've checked the DKMS source package in Ubuntu and it just makes the
signature checking not enforced anymore, which is violating Secure
Boot standards actually.
Usually the kernel signing stuff is done at kernel build time and only
exactly those modules produced in the build can be loaded because the
key should be generated at build time and through away when the build
is finished. In theory dkms kernel modules can hardly meet the
requirements of Secure Boot because kernel is usually treated as part
of the boot chain where signature verification is required.
Regards,
Aron
More information about the Pkg-dkms-maint
mailing list