[PATCH Xenial SRU] UBUNTU: [Debian] Suppress module signing for staging drivers

Robert Hooker sarvatt at ubuntu.com
Tue Nov 22 08:43:04 UTC 2016


On Mon, Nov 21, 2016 at 5:23 AM, Stefan Bader
<stefan.bader at canonical.com> wrote:
> On 16.11.2016 21:04, Tim Gardner wrote:
>> BugLink: http://bugs.launchpad.net/bugs/1642368
>>
>> Prevent staging drivers from being loadable in a secure boot environment.
>
> Hm, while I can see the reasoning from a security point of view, there are
> several network/wireless drivers under staging which might be required for
> laptops which in turn are most likely to have secure boot turned on. Isn't the
> risk of regression just too high for SRU?
>
> -Stefan
>
>>
>> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
>> ---
>>  scripts/Makefile.modinst | 6 ++++--
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
>> index 07650ee..c03a32b 100644
>> --- a/scripts/Makefile.modinst
>> +++ b/scripts/Makefile.modinst
>> @@ -22,8 +22,10 @@ quiet_cmd_modules_install = INSTALL $@
>>      mkdir -p $(2) ; \
>>      cp $@ $(2) ; \
>>      $(mod_strip_cmd) $(2)/$(notdir $@) ; \
>> -    $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
>> -    $(mod_compress_cmd) $(2)/$(notdir $@)
>> +    if echo "$(2)/$(notdir $@)" | egrep -q "\/drivers\/staging\/" ; \
>> +     then echo Not signing "$(2)/$(notdir $@)"; \
>> +     else $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
>> +             $(mod_compress_cmd) $(2)/$(notdir $@); fi
>>
>>  # Modules built outside the kernel source tree go into extra by default
>>  INSTALL_MOD_DIR ?= extra
>>
>
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>

This seems crazy to me, especially for a SRU. It will disable using
the majority of the usb wifi dongles out there and confuse people when
they stop working on their laptops. Just my opinion, take it as you
will.




More information about the kernel-team mailing list