Secure boot and packaging third-party kernel modules

drago01 drago01 at gmail.com
Fri May 29 16:19:54 UTC 2015


On Fri, May 29, 2015 at 5:57 PM, Sérgio Basto <sergio at serjux.com> wrote:
> On Sex, 2015-05-29 at 09:28 -0400, Josh Boyer wrote:
>> On Fri, May 29, 2015 at 9:19 AM, Sérgio Basto <sergio at serjux.com> wrote:
>> > On Sex, 2015-05-29 at 08:54 -0400, Josh Boyer wrote:
>> >> On Fri, May 29, 2015 at 8:40 AM, David Sommerseth <davids at redhat.com> wrote:
>> >> > On 28/05/15 17:45, Josh Boyer wrote:
>> >> >> On Thu, May 28, 2015 at 11:26 AM, David Sommerseth <davids at redhat.com> wrote:
>> >> >>>
>> >> >>> Hi,
>> >> >>>
>> >> >>> I've started poking into packaging the mhvtl project for Fedora and
>> >> >>> EPEL.  This package also contains a kernel module, which normally works
>> >> >>> fine - until you hit Secure Boot.
>> >> >>>
>> >> >>> So I was wondering how to handle this the best way.  AFAIK, there are
>> >> >>> currently no plans to get the mhvtl.ko kernel module into the upstream
>> >> >>> kernel.
>> >> >>
>> >> >> Where can I read more information on this project, and why that might be?
>> >> >
>> >> > Duh!  I'm so into this I forget to add better project info ...
>> >> >
>> >> > <https://sites.google.com/site/linuxvtl2/>
>> >>
>> >> Sorry, I should have been more explicit in my question.  I found the
>> >> site by googling of course, but I was curious if you had pointers to
>> >> reasoning/discussion around why the kernel module won't be pushed
>> >> upstream.
>> >>
>> >> >> It is worth noting that Fedora does not allow packages other than the
>> >> >> kernel to ship kernel modules.
>> >> >
>> >> > Oh, I was not aware of that.  But compiling a kernel module "on-the-fly"
>> >> > is acceptable for Fedora?
>> >>
>> >> Kinda.  Packages that do that exist.  We know they exist.  We assume
>> >> the people maintaining them are going to be polite and deal with
>> >> issues.
>> >
>> > This is a good subject for RPMFusion and all his kmods ... , but I
>> > really don't have time to think about it .
>> >
>> > In Ask we got examples of kmods signed for VirtualBox under Sercure
>> > Boot :
>> >
>> > https://ask.fedoraproject.org/en/question/68285/best-way-to-install-virtualbox/?answer=68413#post-id-68413
>> >
>> > https://ask.fedoraproject.org/en/question/34470/virtual-box-on-fedora-19-fails-to-start-a-vm/?answer=59222#post-id-59222
>> >
>> > Seems possible ship kernel modules on the fly since fedora package
>> > kernel also does it (it seems), I read that somewhere.
>>
>> Er... no we don't.  The kernel package provides all it's modules
>> already built.  It doesn't build any on the fly after it is installed.
>> I'm not sure where you read that.
>
> Sorry, I meant, the kernel package sign on the fly (the kernel
> modules) ?

No it doesn't.


More information about the devel mailing list