On Sáb, 2015-05-16 at 18:40 +0200, poma wrote: > On 13.05.2015 21:52, jd1008 wrote: > > > > > > On 05/13/2015 01:43 PM, Frank Mehnert wrote: > >> Hi Joe, > >> > >> On Wednesday 13 May 2015 13:28:03 jd1008 wrote: > >>> Thank you for this update. > >>> > >>> I was wondering why Oracle no longer builds VB > >>> for the latest release of Fedora. > >> > >> VirtualBox 4.3.28 is built in a Fedora 18 chroot. We have tested this > >> package works well in Fedora 21. This is also stated on the download > >> page and there is also a Fedora 21 repository containing that package. > >> The repository is not yet up-to-date, this will finish during the next > >> hour. Once Fedora 22 is released we will test VirtualBox on this Linux > >> distribution and then decide if we need to set up a F22 chroot or if > >> the F18 chroot will still make it. > >> > >> Kind regards, > >> > >> Frank > > Thank you Dr. Mehnert. > > I thought that every Fedora kernel is compiled to only accept > > modules that were compiled for the specific kernel version > > of the Fedora release version. > ... > > Fedora kernels are configured to drive in "permissive" mode, > e.g. > > $ grep CONFIG_MODULE_SIG_FORCE /boot/config-4.0.3-202.fc21.x86_64 > # CONFIG_MODULE_SIG_FORCE is not set > > therefore, properly signed *and* unsigned modules are loadable, > e.g. > > - unsigned: > > $ modinfo vboxdrv > filename: /lib/modules/4.0.3-202.fc21.x86_64/extra/vboxdrv.ko > version: 4.3.28 (0x001a000a) > license: GPL > description: Oracle VM VirtualBox Support Driver > author: Oracle Corporation > srcversion: CB0F241526E12BE494014CF > depends: > vermagic: 4.0.3-202.fc21.x86_64 SMP mod_unload > parm: force_async_tsc:force the asynchronous TSC mode (int) > > > # sign-file -v sha256 signing_key.priv signing_key.x509 > /lib/modules/4.0.3-202.fc21.x86_64/extra/vboxdrv.ko > Size of unsigned module: 490384 > Size of signer's name : 25 > Size of key identifier : 20 > Size of signature : 514 > Size of information : 12 > Size of magic number : 28 > Signer's name : 'Fedora kernel signing key' > Digest : sha256 > > - properly signed: > > $ modinfo vboxdrv > filename: /lib/modules/4.0.3-202.fc21.x86_64/extra/vboxdrv.ko > version: 4.3.28 (0x001a000a) > license: GPL > description: Oracle VM VirtualBox Support Driver > author: Oracle Corporation > srcversion: CB0F241526E12BE494014CF > depends: > vermagic: 4.0.3-202.fc21.x86_64 SMP mod_unload > signer: Fedora kernel signing key > sig_key: 95:7D:C8:E5:9F:5D:E6:03:71:49:1A:D0:9A:C6:8F:85:16:6C:B3:94 > sig_hashalgo: sha256 > parm: force_async_tsc:force the asynchronous TSC mode (int) > > > $ dmesg -t | grep -i X.*509 > Asymmetric key parser 'x509' registered > Loading compiled-in X.509 certificates > Loaded X.509 cert 'Fedora kernel signing key: > 957dc8e59f5de60371491ad09ac68f85166cb394' > > > Ref. > https://www.kernel.org/doc/Documentation/module-signing.txt
I have to check this, "therefore, properly signed *and* unsigned modules are loadable" seems not totally correct : https://ask.fedoraproject.org/en/question/65473/virtualbox-error/ "Virtualbox will not work with secure boot enabled because it relies on its own kernel modules being loaded, which they cannot due to secure boot" I have to check If we can sign kmod on RPMFusion , if it is packageable ? Have you any clue on this matter ? Thanks, -- Sérgio M. B. ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ VBox-users-community mailing list VBox-users-community@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/vbox-users-community _______________________________________________ Unsubscribe: mailto:vbox-users-community-requ...@lists.sourceforge.net?subject=unsubscribe
