[kernel-bugs] [Bug 1173158] CONFIG_MODULE_SIG=y
https://bugzilla.suse.com/show_bug.cgi?id=1173158 https://bugzilla.suse.com/show_bug.cgi?id=1173158#c30 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jslaby@suse.com --- Comment #30 from Jiri Slaby <jslaby@suse.com> --- (In reply to Martin Wilck from comment #26)
sold. But that's just a single, once-in-a-system-lifetime MOK operation away.
The upstream kernel does not verify module signatures against MOK keys. You need a non-upstream patch: patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch for that. Leap indeed inherits it from SLE, TW doesn't have it... So TW should keep MODULE_SIG as I don't want to lose the ability to check if modules are genuine. If you ask me, I would not set SIG_FORCE to allow loading of other modules (like nvidia, but there are many others, like those built by myself). Loading such a module properly taints the kernel which is good. For Leap, I have no opinion. -- You are receiving this mail because: You are the assignee for the bug.
participants (1)
-
bugzilla_noreply@suse.com