Bug#989463: please align shim-signed dkms behaviour with Ubuntu

To: submit@bugs.debian.org
Subject: Bug#989463: please align shim-signed dkms behaviour with Ubuntu
From: Leif Lindholm <unixsmurf@gmail.com>
Date: Fri, 4 Jun 2021 11:32:50 +0100
Message-id: <[🔎] CA+oGwQy3WKBrSV_ZgMmaf4hZ0619UWVZXvBTFo6tP86-PCWT4Q@mail.gmail.com>
Reply-to: Leif Lindholm <unixsmurf@gmail.com>, 989463@bugs.debian.org

Package: shim-signed
Version: 1.36+15.4-5
Severity: wishlist

Currently, if dkms is installed, shim-signed prompts to disable
kernel/module verification on next boot on some trigger events - to
ensure the system will successfully boot (something, not necessarily
untampered with) after a kernel upgrade.

According to Vorlon, in Ubuntu:
"that's since been superseded by code to instead generate and enroll a
MOK key and sign all dkms modules with it."

This sounds like a very useful feature that would be worth bringing into Debian.

Reply to:

Prev by Date: Processed: Re: Bug#989460: shim-signed encourages disabling Secure Boot if dkms installed
Next by Date: EFI boot Debian 10.x i386
Previous by thread: Processed: Re: Bug#989460: shim-signed encourages disabling Secure Boot if dkms installed
Next by thread: EFI boot Debian 10.x i386
Index(es):
- Date
- Thread