> > If you need Secure Boot feature to be enabled, you must sign the
> > compiled kmod packages with your own CA.
> >
>
> This is what's wrong with everything. *This is not okay*. This is
> intentionally a poisonous user experience because we provide no
> automatic or easy way for this to be done. I understand and agree with
> the reasons for why it is this way, but you can't have it both ways if
> you want an easy user experience.

So you expect Fedora to provide a signing service using the Fedora
keys for anyone to abuse just so you can run UEFI with secure boot
enabled with your Nvidia GPU. I mean that's like locking the front
door right before you blow the entire back of the building off! I
strongly suspect that would be a violation of the MS secure boot
agreement (I have no idea if this actually is, just wildly guessing).

> Either you sign the drivers server side and auto-trust that
> certificate (prebuilt kmods), or you sign the drivers device-side
> (akmods) and auto-trust that certificate.

Or see my other reply for the third option which nvidia could do themselves.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org