On 2023-03-07 05:32, Stefan Dirsch wrote:
Hi Joe
Thanks for giving this a try! It's about the same procedure that we're using for signing our nvidia kernel modules right after building on the target sytem. Just that we don't use "-nodes" option, but add
-addext "extendedKeyUsage=codeSigning"
The latter was needed at some point for Leap Kernels (boo#1178793). Nevertheless now with TW's current lockdowned 6.2.1 kernel we're suffering from the same issue as you. :-(
Hi everyone, FWIW, on my Dell XPS 9700, BIOS 1.21, the BIOS has two options under /Secure Boot Mode/ 1) Deployed Mode - checks integrity of UEFI drivers and bootloaders before allowing execution. Use this mode for full Secure Boot protections. 2) Audit Mode - performs a signature check but does not block execution of all UEFI drivers and bootloaders. Use this mode when making modifications to Secure Boot Keys. I switched my BIOS to /Audit Mode/ and applied the latest TW (20230307). kernel-firmware-nvidia-20230210-1.1.noarch kernel-firmware-nvidia-gsp-G06-525.89.02-1.1.x86_64 nvidia-utils-G06-525.89.02-7.1.x86_64 nvidia-compute-utils-G06-525.89.02-7.1.x86_64 nvidia-compute-G06-32bit-525.89.02-7.1.x86_64 nvidia-compute-G06-525.89.02-7.1.x86_64 libnvidia-egl-wayland1-1.1.11-1.1.x86_64 nvidia-video-G06-32bit-525.89.02-7.1.x86_64 nvidia-gl-G06-32bit-525.89.02-7.1.x86_64 nvidia-video-G06-525.89.02-7.1.x86_64 nvidia-gl-G06-525.89.02-7.1.x86_64 nvidia-driver-G06-kmp-default-525.89.02_k6.2.1_1-7.1.x86_64 I hope the above helps someone else ... Cheers, --- Pablo Sanchez - Blueoak Database Engineering