• Natanox@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    22 hours ago

    How does DKMS and such break secure boot? If you want to load (custom) kernel modules, just generate a key pair, sign the module yourself, import your MOK into your UEFI (once, assuming you use the same key for all your modules and also keep a backup of your reinstall your system) and secure boot will let you do that.

    You do realise 99% of people have no clue what the hell you just said and at least 80% will rather stay with the devil they know (Windows) than taking a course in both Linux System Administration + UEFI / Secure Boot configuration? I’m generally assuming a common user, not a dev with loads of free time. What you describe isn’t just hard and takes a lot of knowledge to fully understand, it’s potentially hazardous on the same level of e.g. editing the fstab or crypttab manually, something a user without deep system knowledge shouldn’t have to do either as it could cause an unbootable state.

    I stand by my point, DKMS breaks Secure Boot (as it requires highly technical user intervention on every single update to make the computer boot again, and very deep knowledge to fix it if something goes wrong).