Jump to content

Talk:DKMS package guidelines

From ArchWiki
Latest comment: 9 April by Oech3 in topic Kernel Lockdown

Kernel Lockdown

As seen in https://wiki.archlinux.org/title/Talk:Dynamic_Kernel_Module_Support#kernel_lockdown, it is desirable if signing of kernel modules are automated by DKMS package side for kernel lockdown which is enabled if UEFI secure boot is enabled by default. oech3 (talk) 06:43, 9 April 2025 (UTC)Reply

Kernel lockdown is not automatically enabled when Secure Boot is in use. The kernel_lockdown(7) man page is wrong, AFAIK, the behavour it documents is from an out-of-tree patch used by some distros. -- nl6720 (talk) 06:56, 9 April 2025 (UTC)Reply
Such reports and my experience exists. oech3 (talk) 06:59, 9 April 2025 (UTC)Reply
Not for Arch (or vanilla kernel)? oech3 (talk) 07:00, 9 April 2025 (UTC)Reply
Nope. -- nl6720 (talk) 12:17, 9 April 2025 (UTC)Reply
Thankyou. (The document should be fixed.)
About kernel lockdown itself, it seems modules are signed by dkms automatically. I heard that sign should be added to MoKList. So apple PC with Intel CPU might not be able to load modules by DKMS if lockdown is enabled. oech3 (talk) 15:26, 9 April 2025 (UTC)Reply