On Wed, Jul 1, 2020 at 5:51 PM Neal Gompa <ngompa13@xxxxxxxxx> wrote: > The core of it is that nobody cares. It comes up at least once or > twice every development cycle in the Workstation Working Group > meetings, but there's nothing we can do. Sometimes I'll get bullshit > answers from people. Sometimes they'll just say stuff about security. > Sometimes they'll say something about it being NVIDIA's problem. Is there a bug filed for this that I can follow? I didn't see one from a quick search. Personally, I use my own Secure Boot keys and sign the modules from akmods with that. It works fine with the cert in db since that gets it loaded into the platform keyring. I'd like to see the extract-vmlinux and/or insert-sys-cert kernel programs learn how to repack vmlinux back into an existing vmlinuz so that CONFIG_SYSTEM_EXTRA_CERTIFICATE can be useful with UEFI, and I could have a separate module signing key and Secure Boot key. Thanks. David _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
