Re: [PATCH] Make kernel taint on invalid module signatures configurable

From: Matthew Garrett
Date: Fri Feb 16 2018 - 19:09:09 EST


On Fri, Feb 16, 2018 at 12:25 AM Philipp Hahn <pmhahn@xxxxxxxxx> wrote:
> Sadly didn't work for me :-(
> If my understanding is correct and iff that would work, Debian (and
> others) could load their public key into Shim and then use the
> associated private key for singing their modules.

This works for UEFI systems, but distributions have to support non-UEFI as
well.