kernel-packages team mailing list archive

Thread
Date

[Bug 1566221] Re: linux: Enforce signed module loading when UEFI secure boot

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Tim Gardner <tim.gardner@xxxxxxxxxxxxx>
Date: Tue, 19 Apr 2016 12:43:10 -0000
Reply-to: Bug 1566221 <1566221@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

linux 4.4.0-21.37 supports MOKSBState wherein you can disable secure
boot in order to allow DKMS drivers. It should be released from
-proposed within a day or so. If you aren't prompted to change your
secure boot setting, then you can run 'sudo mokutil --disable-
validation' before rebooting.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1566221

Title:
  linux: Enforce signed module loading when UEFI secure boot

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress

Bug description:
  Add code to implement secure boot checks. Unsigned or incorrectly
  signed modules will continue to install while tainting the kernel
  _until_ EFI_SECURE_BOOT_SIG_ENFORCE is enabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1566221/+subscriptions

References

[Bug 1566221] [NEW] linux: Enforce signed module loading when UEFI secure boot
From: Tim Gardner, 2016-04-05