On Fri, Jan 11, 2019 at 3:52 PM Michael Stone <mst...@debian.org> wrote:
> How did you get the unsigned kernel installed in the first place? It's > not typically installed, and I don't see any dependencies that would pull > it in. If it weren't installed there'd be no problem. :) Good question. I upgrade my sid regularly and don't mess with the kernel: I installed the metapackage that depends on the latest kernel and leave the system uprgrade to its convenience. I have no idea of where this "unsigned" came from. Is it possible that at some point the metapackage depended on it? > If you have > another kernel already installed, boot into that, then replace the > unsigned kernel with the corresponding kernel that lacks the -unsigned > suffix.If you don't have another kernel installed, try installing an > older one or (as you suggested) wait for the next one. In theory you > should be able to just remove the -unsigned and replace it without > having another kernel available, but it's better to have an alternative > in case something goes wrong. > Unfortunately no other kernel installed and, unless I go and dig into snapsot, at the moment in sid no other kernel version number is available. If I try to install the "signed" version, something unhelty happens because the same /lib/modules/4.19.0-1-amd64/ is shared by the two. I'll wait for the next one. > -unsigned means that the kernel doesn't come with a signature that can > be used for secure boot. It's part of the build process for the signed > kernels, is a reproducible build, and may have other special-purpose > applications, but it is not generally needed. > Clear enough. Thank you. a.