Secure boot and packaging third-party kernel modules
Sérgio Basto
sergio at serjux.com
Fri May 29 15:57:23 UTC 2015
On Sex, 2015-05-29 at 09:28 -0400, Josh Boyer wrote:
> On Fri, May 29, 2015 at 9:19 AM, Sérgio Basto <sergio at serjux.com> wrote:
> > On Sex, 2015-05-29 at 08:54 -0400, Josh Boyer wrote:
> >> On Fri, May 29, 2015 at 8:40 AM, David Sommerseth <davids at redhat.com> wrote:
> >> > On 28/05/15 17:45, Josh Boyer wrote:
> >> >> On Thu, May 28, 2015 at 11:26 AM, David Sommerseth <davids at redhat.com> wrote:
> >> >>>
> >> >>> Hi,
> >> >>>
> >> >>> I've started poking into packaging the mhvtl project for Fedora and
> >> >>> EPEL. This package also contains a kernel module, which normally works
> >> >>> fine - until you hit Secure Boot.
> >> >>>
> >> >>> So I was wondering how to handle this the best way. AFAIK, there are
> >> >>> currently no plans to get the mhvtl.ko kernel module into the upstream
> >> >>> kernel.
> >> >>
> >> >> Where can I read more information on this project, and why that might be?
> >> >
> >> > Duh! I'm so into this I forget to add better project info ...
> >> >
> >> > <https://sites.google.com/site/linuxvtl2/>
> >>
> >> Sorry, I should have been more explicit in my question. I found the
> >> site by googling of course, but I was curious if you had pointers to
> >> reasoning/discussion around why the kernel module won't be pushed
> >> upstream.
> >>
> >> >> It is worth noting that Fedora does not allow packages other than the
> >> >> kernel to ship kernel modules.
> >> >
> >> > Oh, I was not aware of that. But compiling a kernel module "on-the-fly"
> >> > is acceptable for Fedora?
> >>
> >> Kinda. Packages that do that exist. We know they exist. We assume
> >> the people maintaining them are going to be polite and deal with
> >> issues.
> >
> > This is a good subject for RPMFusion and all his kmods ... , but I
> > really don't have time to think about it .
> >
> > In Ask we got examples of kmods signed for VirtualBox under Sercure
> > Boot :
> >
> > https://ask.fedoraproject.org/en/question/68285/best-way-to-install-virtualbox/?answer=68413#post-id-68413
> >
> > https://ask.fedoraproject.org/en/question/34470/virtual-box-on-fedora-19-fails-to-start-a-vm/?answer=59222#post-id-59222
> >
> > Seems possible ship kernel modules on the fly since fedora package
> > kernel also does it (it seems), I read that somewhere.
>
> Er... no we don't. The kernel package provides all it's modules
> already built. It doesn't build any on the fly after it is installed.
> I'm not sure where you read that.
Sorry, I meant, the kernel package sign on the fly (the kernel
modules) ? , that what we need, we need build a package and sign kernel
modules on that build .
> josh
Thanks,
--
Sérgio M. B.
More information about the devel
mailing list