On 19/06/2024 19:45, Jonathan Steffan wrote:
Unless the private key is off-system, anything will be able to be loaded without much fuss.
Maybe akmods can be updated to use the private key stored in TPM 2.0 if the system has one?
While it does *feel* better, both options effectively remove any UEFI Secure boot protections.
Another option is to package the nvidia-kmod-open module into Fedora and sign it with Fedora key.
Starting with version 555, nvidia-kmod-open will be the default option. -- Sincerely, Vitaly Zaitsev (vitaly@xxxxxxxxxxxxxx) -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
