On Tue, Apr 5, 2022 at 3:15 PM Neal Gompa <ngompa13(a)gmail.com> wrote:
We also lack solutions for dealing with the NVIDIA driver in
UEFI+Secure Boot case. Are you planning to actually *fix* that now?
Because we still don't have a way to have kernel-only keyrings for
secure boot certificates to avoid importing them into the firmware.
Couple of thoughts, here:
1 - This is a non sequitur to the question of removing BIOS support,
because Secure Boot is not a BIOS feature, so nobody relying on Secure
Boot today would stand to lose anything.
2 - How is this our problem to solve? NVIDIA are the ones with the
private source code.
3 - Your complaint describes solution: import NVIDIA's signing key
into your firmware. If you want both Secure Boot and nvidia.ko so
badly, then you as the consumer need to tell your platform to trust
what NVIDIA signs. If that's a burden, again, see point 2 about who
exactly is making your life hard here. Remedies there might include
some UI streamlining around mokutil, or getting nvidia and nouveau to
use the same (open) kernel driver so the question just goes away.
- ajax