kernel-packages team mailing list archive
Mailing list archive
[Bug 1566221] Re: linux: Enforce signed module loading when UEFI secure boot
For completeness the userspace changes needed for this are being tracked
under Bug #1574727.
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
linux: Enforce signed module loading when UEFI secure boot
Status in linux package in Ubuntu:
Status in linux source package in Trusty:
Status in linux source package in Vivid:
Status in linux source package in Wily:
Status in linux source package in Xenial:
Status in linux source package in Yakkety:
This work is authorized by an approved UOS spec and blueprint at
Add code to implement secure boot checks. Unsigned or incorrectly
signed modules will continue to install while tainting the kernel
_until_ EFI_SECURE_BOOT_SIG_ENFORCE is enabled.
When EFI_SECURE_BOOT_SIG_ENFORCE is enabled, then the only recourse
for platforms booting in secure boot mode with a DKMS dependency is to
disable secure boot using mokutil:
sudo mokutil --disable-validation
To manage notifications about this bug go to: