On 4/12/23 07:54, Ralf Mardorf wrote:
I don't understand it. If it should be a signing issue, then it does matter when using one mobo and doesn't matter, if the same SSD holding the Arch Linux install is connected to another mobo? It only matters when UEFI booting (with secure boot disabled), but doesn't matter when legacy booting is enabled by the older mobo? Isn't this signing independent of the used boot mechanism? Maybe the culprit is something else, but I couldn't identify something else.
1) Nothing you've shared so far indicates a fatal module signing issue - right? All I've seen is benign warning.
2) uefi vs mbr are not related directly to signed modules in-tree or out-of-tree (OOT) - no.
3) That said, if OOT signed modules are somehow making a warning or error, please keep in mind that dkms is -supposed- to use the appropriate key to sign the modules - and that can happen on every boot with dkms if it decides to rebuild the out-of-tree module.
My comment was simply make sure you always have the correct keys available for dkms to sign with - correct being the same one compiled into the kernel of course as I describe on my gh page.
That way, when those OOT modules do get signed (via dkms) they at least get signed with a key the kernel trusts (the same one used when building that kernel).
