Comments (3)
From my casual reading of the kernel documentation, you should be able to add any x509 as builtin_trusted_keys via keyctl. That said, I haven't tried it and I'm not sure if it makes sense to automate in dkms.
If anything, I'm more inclined to remove all the ad-hoc module install/signing and use the upstream Kbuild to do that for us. Although this is more of a pie in the sky idea currently.
If you have a compelling reason why it has to be done by dkms, I won't mind reviewing a PR.
Actually on second read, I noticed this:
Note, however, that the kernel will only permit keys to be added to .builtin_trusted_keys if the new key's X.509 wrapper is validly signed by a key that is already resident in the .builtin_trusted_keys at the time the key was added.
So I guess, it might not be possible since we don't sign the key we generate as required.
Reading through the docs, a few days later, it seems that you can either reuse the key used during the initial build to sign the dkms-built modules, or the original key must be used to sign the dkms-generated key - in that case the new key must be added to the kernel via keyctl.
Distributions don't ship the key - understandably - so the only way for things to work is to rebuild the kernel. At this point, you can proceed with reusing it or creating/signing another key for dkms modules. Don't think such functionality belongs in dkms.
If my understanding is off, please correct me. Similarly if there is some reason why this should belong in dkms.
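An added illustration of the signing relationship discussed in this thread (not part of any comment and not dkms code): throwaway openssl keys stand in for the kernel build key and a DKMS-generated key, and `openssl verify` stands in for the kernel's check that a new key's X.509 wrapper is signed by an already-trusted key. All file names, subjects and function names are made up for the example, and nothing touches the kernel keyring.

```shell
#!/bin/sh
# Constructed example: every key below is generated on the spot in a temp dir.
# build.* stands in for the key compiled into the kernel at build time,
# dkms.*  stands in for a module-signing key generated afterwards.

make_keys() {
    dir=$1
    # Minimal config; CA:TRUE is only there so that `openssl verify`
    # accepts build.pem as an issuer in this demonstration.
    cat > "$dir/example.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = kernel build key (example)
[ca_ext]
basicConstraints = critical,CA:TRUE
EOF
    # Stand-in for the kernel build key and its certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/example.cnf" \
        -keyout "$dir/build.key" -out "$dir/build.pem" 2>/dev/null || return 1
    # New module-signing key plus a certificate request for it.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/example.cnf" \
        -subj "/CN=dkms module key (example)" \
        -keyout "$dir/dkms.key" -out "$dir/dkms.csr" 2>/dev/null || return 1
    # Case 1: the new key's certificate is signed by the build key.
    openssl x509 -req -in "$dir/dkms.csr" -days 1 -CAcreateserial \
        -CA "$dir/build.pem" -CAkey "$dir/build.key" \
        -out "$dir/dkms-chained.pem" 2>/dev/null || return 1
    # Case 2: the new key's certificate is only self-signed.
    openssl x509 -req -in "$dir/dkms.csr" -days 1 -signkey "$dir/dkms.key" \
        -out "$dir/dkms-selfsigned.pem" 2>/dev/null || return 1
}

# Returns 0 only if certificate $2 verifies against the build key's certificate.
signed_by_build_key() {
    openssl verify -CAfile "$1/build.pem" "$1/$2" >/dev/null 2>&1
}

demo=$(mktemp -d) && make_keys "$demo" || exit 1
for cert in dkms-chained.pem dkms-selfsigned.pem; do
    if signed_by_build_key "$demo" "$cert"; then
        echo "$cert: signed by the build key"
    else
        echo "$cert: NOT signed by the build key"
    fi
done
rm -rf "$demo"
```

Case 1 needs `build.key`, the private half of the build key, which is the part the thread notes distributions do not ship.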