Secure boot and packaging third-party kernel modules
Josh Boyer
jwboyer at fedoraproject.org
Fri May 29 13:28:03 UTC 2015
On Fri, May 29, 2015 at 9:19 AM, Sérgio Basto <sergio at serjux.com> wrote:
> On Sex, 2015-05-29 at 08:54 -0400, Josh Boyer wrote:
>> On Fri, May 29, 2015 at 8:40 AM, David Sommerseth <davids at redhat.com> wrote:
>> > On 28/05/15 17:45, Josh Boyer wrote:
>> >> On Thu, May 28, 2015 at 11:26 AM, David Sommerseth <davids at redhat.com> wrote:
>> >>>
>> >>> Hi,
>> >>>
>> >>> I've started poking into packaging the mhvtl project for Fedora and
>> >>> EPEL. This package also contains a kernel module, which normally works
>> >>> fine - until you hit Secure Boot.
>> >>>
>> >>> So I was wondering how to handle this the best way. AFAIK, there are
>> >>> currently no plans to get the mhvtl.ko kernel module into the upstream
>> >>> kernel.
>> >>
>> >> Where can I read more information on this project, and why that might be?
>> >
>> > Duh! I'm so into this I forget to add better project info ...
>> >
>> > <https://sites.google.com/site/linuxvtl2/>
>>
>> Sorry, I should have been more explicit in my question. I found the
>> site by googling of course, but I was curious if you had pointers to
>> reasoning/discussion around why the kernel module won't be pushed
>> upstream.
>>
>> >> It is worth noting that Fedora does not allow packages other than the
>> >> kernel to ship kernel modules.
>> >
>> > Oh, I was not aware of that. But compiling a kernel module "on-the-fly"
>> > is acceptable for Fedora?
>>
>> Kinda. Packages that do that exist. We know they exist. We assume
>> the people maintaining them are going to be polite and deal with
>> issues.
>
> This is a good subject for RPMFusion and all his kmods ... , but I
> really don't have time to think about it .
>
> In Ask we got examples of kmods signed for VirtualBox under Sercure
> Boot :
>
> https://ask.fedoraproject.org/en/question/68285/best-way-to-install-virtualbox/?answer=68413#post-id-68413
>
> https://ask.fedoraproject.org/en/question/34470/virtual-box-on-fedora-19-fails-to-start-a-vm/?answer=59222#post-id-59222
>
> Seems possible ship kernel modules on the fly since fedora package
> kernel also does it (it seems), I read that somewhere.
Er... no we don't. The kernel package provides all it's modules
already built. It doesn't build any on the fly after it is installed.
I'm not sure where you read that.
josh
More information about the devel
mailing list