← Back to team overview

kernel-packages team mailing list archive

[Bug 1566221] Re: linux: Enforce signed module loading when UEFI secure boot


I'm not sure if this is the right venue for discussion, but ever since
this change was implemented in 4.4.0-18 I have been unable to load the
VirtualBox vboxdrv kernel module built through dkms (fails with
'required key not available'). I understand this is probably the
intended behavior but because of a glitch in the bios or ssd firmware of
my laptop the secureboot mechanism is the only way I can start Ubuntu
and this has left me without an option to load custom-built modules. Is
there any mechanism to sign a kernel module through dkms? How is signing
of e.g. the nvidia module handled?

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  linux: Enforce signed module loading when UEFI secure boot

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress

Bug description:
  Add code to implement secure boot checks. Unsigned or incorrectly
  signed modules will continue to install while tainting the kernel
  _until_ EFI_SECURE_BOOT_SIG_ENFORCE is enabled.

To manage notifications about this bug go to: