Not signed to work with secure boot

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Tue Jan 12 20:11:31 GMT 2021


On Tue, Jan 12, 2021 at 01:26:40AM +0100, Florian Giest wrote:
> Dear Debian NVIDIA Maintainers,
> 
> today I figured out how easy it is to configure Debian with Secure Boot,
> right just activating Secure Boot in UEFI BIOS :'D.
> 
> Since when is it that easy btw? A year ago I didn't understand how to get it
> running.
> 
> So now to my subject. I recognized failed boot.log entries and found out
> that the nvidia
> driver modules aren't signed yet.
> 
> I just want to know why it is like that, I mean how is shimx64.efi signed?
> By you, Fedora or Microsoft?
> And if it is signed by you, which relation do the modules have with shim?
> 
> Would be nice if you could tell me because I didn't find anything about that
> on the internet.

https://wiki.debian.org/SecureBoot

dkms-built modules are built by you, so of course they are not signed.
The page describes how you can add your own key and use it to sign
your dkms modules if you want to use secureboot with out-of-tree kernel
modules.

-- 
Len Sorensen
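
Added example (not part of the original message, and not Debian or kernel project code): a small parser that tells whether a module file carries the signature trailer the kernel appends to signed modules, which is how you can confirm whether a locally built dkms module was signed. The sample inputs are constructed stand-ins, not real modules or real PKCS#7 data; the function and helper names are hypothetical.

```python
import struct
import sys

# Marker the kernel expects at the very end of a signed module file.
MAGIC = b"~Module signature appended~\n"
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# 3 pad bytes, then a big-endian 32-bit signature length (12 bytes total).
INFO = struct.Struct(">5B3xI")
PKEY_ID_PKCS7 = 2  # id_type used for PKCS#7 signatures


def parse_module_signature(blob: bytes):
    """Return None for an unsigned module, else details of the trailer."""
    if not blob.endswith(MAGIC):
        return None
    info_end = len(blob) - len(MAGIC)
    if info_end < INFO.size:
        raise ValueError("marker present but signature info is truncated")
    _algo, _hash, id_type, _signer, _keyid, sig_len = INFO.unpack_from(
        blob, info_end - INFO.size)
    module_len = info_end - INFO.size - sig_len
    if module_len < 0:
        raise ValueError("sig_len is larger than the file")
    return {"pkcs7": id_type == PKEY_ID_PKCS7,
            "sig_len": sig_len,
            "module_len": module_len}


def build_sample(signed: bool) -> bytes:
    """Constructed test input: 64 fake module bytes, optional fake trailer."""
    body = b"\x7fELF" + b"\x00" * 60
    if not signed:
        return body
    sig = b"\x30\x82" + b"\xaa" * 30  # placeholder bytes, not a real signature
    return body + sig + INFO.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(sig)) + MAGIC


if __name__ == "__main__":
    # With arguments: check uncompressed .ko files (decompress .ko.xz first).
    # Without arguments: run on the two constructed samples.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, parse_module_signature(fh.read()) or "UNSIGNED")
    else:
        for signed in (False, True):
            print(signed, parse_module_signature(build_sample(signed)))
```

This only reports that a signature trailer is present and well formed; whether the kernel accepts it depends on the signing key being enrolled, as the wiki page describes.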


