Talk:DKMS package guidelines
Appearance
Latest comment: 9 April by Oech3 in topic Kernel Lockdown
Kernel Lockdown
As seen in https://wiki.archlinux.org/title/Talk:Dynamic_Kernel_Module_Support#kernel_lockdown, it is desirable if signing of kernel modules are automated by DKMS package side for kernel lockdown which is enabled if UEFI secure boot is enabled by default. oech3 (talk) 06:43, 9 April 2025 (UTC)
- Kernel lockdown is not automatically enabled when Secure Boot is in use. The kernel_lockdown(7) man page is wrong, AFAIK, the behavour it documents is from an out-of-tree patch used by some distros. -- nl6720 (talk) 06:56, 9 April 2025 (UTC)
- Such reports and my experience exists. oech3 (talk) 06:59, 9 April 2025 (UTC)
- Not for Arch (or vanilla kernel)? oech3 (talk) 07:00, 9 April 2025 (UTC)
- Nope. -- nl6720 (talk) 12:17, 9 April 2025 (UTC)
- Thankyou. (The document should be fixed.)
- About kernel lockdown itself, it seems modules are signed by dkms automatically. I heard that sign should be added to MoKList. So apple PC with Intel CPU might not be able to load modules by DKMS if lockdown is enabled. oech3 (talk) 15:26, 9 April 2025 (UTC)
- Nope. -- nl6720 (talk) 12:17, 9 April 2025 (UTC)
- Not for Arch (or vanilla kernel)? oech3 (talk) 07:00, 9 April 2025 (UTC)
- Such reports and my experience exists. oech3 (talk) 06:59, 9 April 2025 (UTC)