* Vitaly Zaitsev via devel: > On 19/06/2024 19:45, Jonathan Steffan wrote: >> While it does *feel* better, both options effectively remove any UEFI >> Secure boot protections. > > Another option is to package the nvidia-kmod-open module into Fedora > and sign it with Fedora key. > > Starting with version 555, nvidia-kmod-open will be the default option. As an out-of-tree kernel module, does it comply with the lockdown/Secure Boot requires, where root does not have full permissions? It's possible that the nvidia-kmod-open upstream developers are not prepared to fix Secure Boot bypasses. Personally, I think teaching people how to disable Secure Boot is a workable approach because it's not hard to get bypasses anyway (either with an official signature from Microsoft, or a boot chain from an OS that allows running arbitrary code in ring 0). Thanks, Florian -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
