... why aren't all the kernels just signed? Why does this need to be a separate package at all?
I can confirm installing the -signed package fixes it for me. Where in the kernel source does this signature effect the output of /proc/sys/kernel/secure_boot, though? I can't find that... -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1658255 Title: Kernel not enforcing module signatures under SecureBoot Status in linux package in Ubuntu: In Progress Status in linux source package in Yakkety: In Progress Status in linux source package in Zesty: In Progress Bug description: $ sudo mokutil --sbstate SecureBoot enabled $ cat /proc/sys/kernel/moksbstate_disabled 0 $ sudo insmod ./hello.ko $ echo $? 0 $ dmesg | grep Hello [00112.530866] Hello, world! $ strings /lib/modules/$(uname -r)/kernel/lib/test_module.ko | grep signature ~Module signature appended~ $ strings hello.ko | grep signature $ uname -r 4.8.0-34-generic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1658255/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
