Secure boot and packaging third-party kernel modules
Sérgio Basto
sergio at serjux.com
Fri May 29 13:19:57 UTC 2015
On Sex, 2015-05-29 at 08:54 -0400, Josh Boyer wrote:
> On Fri, May 29, 2015 at 8:40 AM, David Sommerseth <davids at redhat.com> wrote:
> > On 28/05/15 17:45, Josh Boyer wrote:
> >> On Thu, May 28, 2015 at 11:26 AM, David Sommerseth <davids at redhat.com> wrote:
> >>>
> >>> Hi,
> >>>
> >>> I've started poking into packaging the mhvtl project for Fedora and
> >>> EPEL. This package also contains a kernel module, which normally works
> >>> fine - until you hit Secure Boot.
> >>>
> >>> So I was wondering how to handle this the best way. AFAIK, there are
> >>> currently no plans to get the mhvtl.ko kernel module into the upstream
> >>> kernel.
> >>
> >> Where can I read more information on this project, and why that might be?
> >
> > Duh! I'm so into this I forget to add better project info ...
> >
> > <https://sites.google.com/site/linuxvtl2/>
>
> Sorry, I should have been more explicit in my question. I found the
> site by googling of course, but I was curious if you had pointers to
> reasoning/discussion around why the kernel module won't be pushed
> upstream.
>
> >> It is worth noting that Fedora does not allow packages other than the
> >> kernel to ship kernel modules.
> >
> > Oh, I was not aware of that. But compiling a kernel module "on-the-fly"
> > is acceptable for Fedora?
>
> Kinda. Packages that do that exist. We know they exist. We assume
> the people maintaining them are going to be polite and deal with
> issues.
This is a good subject for RPMFusion and all his kmods ... , but I
really don't have time to think about it .
In Ask we got examples of kmods signed for VirtualBox under Sercure
Boot :
https://ask.fedoraproject.org/en/question/68285/best-way-to-install-virtualbox/?answer=68413#post-id-68413
https://ask.fedoraproject.org/en/question/34470/virtual-box-on-fedora-19-fails-to-start-a-vm/?answer=59222#post-id-59222
Seems possible ship kernel modules on the fly since fedora package
kernel also does it (it seems), I read that somewhere.
Best regards,
--
Sérgio M. B.
More information about the devel
mailing list