[Bug 1980057] [NEW] dkms fails to sign modules in kinetic, no more kmodsign
Launchpad Bug Tracker
1980057 at bugs.launchpad.net
Tue Jun 28 08:10:54 UTC 2022
You have been subscribed to a public bug:
It seems that dkms uses a tool called kmodsign to sign modules, which no
longer exists in kinetic according to apt-file, causing dkms modules to
be unsigned.
sign_build()
{
[[ -x "$(command -v kmodsign)" && -d "/var/lib/shim-signed/mok/" ]] || return
local base_dir="$dkms_tree/$module/$module_version/$kernelver/$arch"
if type update-secureboot-policy >/dev/null 2>&1; then
echo $"Signing module:"
SHIM_NOTRIGGER=y update-secureboot-policy --new-key
for ko in `find "$base_dir/module/" -name "*.ko" -print`;
do
echo " - $ko"
kmodsign sha512 \
/var/lib/shim-signed/mok/MOK.priv \
/var/lib/shim-signed/mok/MOK.der \
"$ko"
done
update-secureboot-policy --enroll-key
fi
}
instead of kmodsign, it should use
/lib/modules/$kernelver/build/scripts/sign-file
AFAICT
** Affects: sbsigntool (Ubuntu)
Importance: Undecided
Status: New
--
dkms fails to sign modules in kinetic, no more kmodsign
https://bugs.launchpad.net/bugs/1980057
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to sbsigntool in Ubuntu.
More information about the foundations-bugs
mailing list