[kernel-bugs] [Bug 1173158] CONFIG_MODULE_SIG=y
https://bugzilla.suse.com/show_bug.cgi?id=1173158
https://bugzilla.suse.com/show_bug.cgi?id=1173158#c60
--- Comment #60 from Michal Kubeček
Yes, I think this is the key point. User should enroll the nolockdown kernel key by them self because shim will not embeds this "nolockdown kernel key". Microsoft will not sign that shim.
That's a relevant point. Just to be sure I understand: we would have exactly the same problem if we disabled LOCK_DOWN_IN_EFI_SECURE_BOOT in Leap 15.2 kernel-default and kernel-preempt, wouldn't we? Also, I didn't check the code but would LOCK_DOWN_IN_EFI_SECURE_BOOT affect kABI? But even if we could afford it, I'm still not convinced we should because the way I see it, such change would make secure boot essentially useless. -- You are receiving this mail because: You are the assignee for the bug.
participants (1)
-
bugzilla_noreply@suse.com