Asking about why the kernel needs to support secure boot on an individual system where I am not concerned about the hole punched by the nvidia kernel module. I’m concerned about the proprietary boot loader firmware that will never be maintained well. I’m not asking if it is a good idea in general or for most people.

Shit Gigabyte Aorus YE5 laptop doesn’t support custom secure boot keys for PK in the bootloader. AVOID these thieves selling hardware you can’t own.

Why can’t an unsigned shitvidia kernel module run as a hotplugged device from user space without causing a problem with secure boot handover?

I can run Fedora with secure boot using the Microsoft 3rd party key. I just can’t enable the shitvidia GPU. My primary use case is for LLM/stable diffusion, the GPU doesn’t matter for graphics.

  • smpl
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’m not sure I properly understand your problem, but perhabs your kernel is compiled with CONFIG_MODULE_SIG_FORCE. You can check with grep CONFIG_MODULE_SIG_FORCE /boot/config-$(uname -r). If it isn’t you could try and run the kernel with module.sig_enforce=0 as a parameter and see if that helps.

    If you don’t need secure boot, then just disable it (if possible).