[Disco] LP:1764792 -- produce signatures for nvidia dkms modules

Andy Whitcroft apw at canonical.com
Wed Dec 19 15:40:20 UTC 2018

We are working up to producing signed Nvidia modules.  We cannot ship
those assembled due to licensing but we wish for the result to be a
working .ko which is signed into the kernels kernel-module signing key.

To do this we will build the dkms modules in a reproducible manner which
allows them to be linked on installation on the end-user system (meeting
the licensing constraints).  As the build is reproducible we are able
to build, sign, and discard the modules in the primary kernel build
keeping only the signatures.  These will then be consumed by a linux-lrm
package which will produce the same reproducible build pieces (unlinked)
and incorporate the associated signature.  Later when installed the .kos
can be linked and that signature applied so they are loadable under

Proposing for application to disco.


The following changes since commit 7df2ac79ed6d256af0c4f13ac2b8671c585ed9ca:

  UBUNTU: update dkms package versions (2018-12-11 14:37:04 -0600)

are available in the Git repository at:

  git://git.launchpad.net/~apw/ubuntu/+source/linux/+git/disco build-nvidia-signatures

for you to fetch changes up to 68aace1f2ec40a2a280d03e4f167e154697e256b:

  UBUNTU: [Packaging] nvidia -- make nvidia package version explicit (2018-12-19 10:46:35 +0000)

  * Build Nvidia drivers in conjunction with kernel (LP: #1764792)
    - [Packaging] dkms -- add per package post-process step
    - [Packaging] dkms -- switch to a consistent build prefix length and strip
    - [Packaging] nvidia -- build and sign nvidia packages and ship signatures
    - [Packaging] nvidia -- make nvidia package version explicit

More information about the kernel-team mailing list