Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Elaborate Secure boot article #1853

Open
dngray opened this issue Oct 22, 2022 · 1 comment
Open

Elaborate Secure boot article #1853

dngray opened this issue Oct 22, 2022 · 1 comment
Labels
c:os operating systems and related topics

Comments

@dngray
Copy link
Member

dngray commented Oct 22, 2022

Description

URL of affected page: https://www.privacyguides.org/linux-desktop/hardening/#secure-boot

We should probably elaborate there a little on Dynamic Kernel Module Support (DKMS) and Akmods and how to sign them.

These come up when using virtualization software, NVIDIA drivers etc.

While it's not great to sign kernel modules blindly, it's better than disabling secure boot.

The alternative is to use the shim and Machine Owner Key (MOK).
@dngray dngray added the c:os operating systems and related topics label Oct 22, 2022
@dngray dngray changed the title Elaborate on kernel module signing Elaborate Secure boot article Oct 22, 2022
@dngray
Copy link
Member Author

dngray commented Oct 22, 2022

Another thing that I wouldn't mind mentioning here is the use of sbctl. It makes managing secure boot with your own keys so much easier. Currently available on a variety of distributions.

I've been working on packaging this for Fedora. I have used it successfully on Archlinux that it works successfully.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c:os operating systems and related topics
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dngray