Talk:Features/SecureBoot

From FedoraProject

Revision as of 19:22, 20 July 2012 by Jwboyer (Talk | contribs)

Jump to: navigation, search

What is the impact on third-party kernel modules? (I don't think we need to support them, but it will be necessary to highlight in release notes.) --Mitr 15:24, 20 July 2012 (UTC)

I'll take a crack at answering this. Peter and Matthew can yell at me if I screw up. Firstly, if a user wants to use 3rd party modules they can disable secure boot and they will work as well as they did before. That is the easiest option relatively speaking. Assuming a user wishes to use secure boot with a 3rd party module, then they can use the tools that will be provided as part of the feature to create their own signing key. They would enroll the public portion of this key in the firmware on their machine and sign any additional modules they wish to use. This would need to be done whenever a new build of a module is required (kernel update, module update, etc). NOTE: the kernel code to support this still needs to be written and tested.

If the question was geared towards repositories that provide 3rd party modules, then the above still applies to a degree. The repository would need to generate their own signing key, and users would need to enroll the public portion of that key on their systems in order to use modules provided by the repo. --Josh Boyer 19:21 20 July 2012