Once upon a time, Simo Sorce simo@redhat.com said:
Ideally dkms (or whatever) could simply generate a key, sign the module and manage to get the public key in the right place so that the module can be verified.
That's not possible, is it? I assume the user has to interact with the firmware at some point to install a new key. Otherwise, the whole thing would be a waste of time.