On 4/12/23 07:54, Ralf Mardorf wrote:
I don't understand it. If it should be a signing issue, then it does
matter when using one mobo and doesn't matter, if the same SSD holding
the Arch Linux install is connected to another mobo? It only matters
when UEFI booting (with secure boot disabled), but doesn't matter when
legacy booting is enabled by the older mobo? Isn't this signing
independent of the used boot mechanism?
Maybe the culprit is something else, but I couldn't identify something
else.
1) Nothing you've shared so far indicates a fatal module signing issue -
right? All I've seen is benign warning.
2) uefi vs mbr are not related directly to signed modules in-tree or
out-of-tree (OOT) - no.
3) That said, if OOT signed modules are somehow making a warning or
error, please keep in mind that dkms is -supposed- to use the
appropriate key to sign the modules - and that can happen on every boot
with dkms if it decides to rebuild the out-of-tree module.
My comment was simply make sure you always have the correct keys
available for dkms to sign with - correct being the same one compiled
into the kernel of course as I describe on my gh page.
That way, when those OOT modules do get signed (via dkms) they at least
get signed with a key the kernel trusts (the same one used when building
that kernel).
