Comments (4)
Tk-Glitch
commented on June 27, 2024
1
Module signing is enabled in all current revisions of -tkg kernels.
See https://github.com/Frogging-Family/linux-tkg/blob/master/linux58-tkg/linux58-tkg-config/config.x86_64#L883 for example.
Key is generated early on at build time:
from linux-tkg.
jnines
commented on June 27, 2024
1
To be specific I'm talking about modules built through dkms, if kernel signing is on (which it is) all modules would be signed outside of those dkms modules. for mod in $(lsmod | tail -n +2 | cut -d' ' -f1); do modinfo ${mod} | grep -q "signature" || echo "Unsigned: ${mod}" ; done will show which modules are unsigned, in my case
Unsigned: nvidia_uvm
Unsigned: nvidia_drm
Unsigned: nvidia_modeset
Unsigned: krx62
Unsigned: nvidia
I see with _NUKR off in the customization config it leaves the signing keys behind, so I might play with signing those modules manually when I get time. That way I can enforce module signing on boot, while still having a working system, and then nuke the /src so I don't have the key floating around. Still not my wheelhouse but it is interesting to read about.
from linux-tkg.
jnines
commented on June 27, 2024
I did not know that. Is there a way to use that to sign out of tree modules (nvidia, virtualbox, etc) so that you can set module.sig_enforce=1?
from linux-tkg.
AdelKS
commented on June 27, 2024
The Ubuntu&Derivatives install script also signs the modules :D
from linux-tkg.
Related Issues (20)
- Cant compile 6.1.46 bmq llvm HOT 3
- misc-additions cannot be applied to recent 6.4
- [Question/Feature request] Bore eevdf HOT 15
- Build error with linux 6.4.13 HOT 5
- 6.1.50 kernel not building HOT 5
- 6.5 kernel not building HOT 4
- NTFS3 disabled in kernel config
- [Feature Request] Select GPU drivers to build HOT 1
- [Feature Request] RT patches for linux 6.6 rc HOT 1
- ERROR: could not set PID X to B: SCHED_BATCH - Operation not permitted error while building HOT 4
- 6.4.16 kernel not building Prj C PDS HOT 1
- Rename customization.cfg to customization.default.cfg HOT 2
- eevdf patch doesn't work with gentoo-sources-6.5.3-r1 HOT 5
- memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
- bore-eevdf: kernel panic on 6.5.4 HOT 4
- freezes with 6.5.4-273.1-tkg-eevdf HOT 3
- Default compression lz4 results initramfs too big HOT 4
- Cannot install on Fedora 39 HOT 6
- Applying 0003-glitched-base.patch fails for kernel 6.1.57 HOT 2
- Error applying BORE-EEVDF on kernel 6.5.7 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from linux-tkg.