Tested on my HP Elitebook 8570p, with Secure Boot and Broadcom WiFi, following the current test plan. All operations went as expected, WiFi is working properly.
** Tags removed: verification-needed verification-needed-kinetic ** Tags added: verification-done verification-done-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to dkms in Ubuntu. https://bugs.launchpad.net/bugs/1991725 Title: fails to sign kernel modules Status in Release Notes for Ubuntu: Fix Released Status in dkms package in Ubuntu: Fix Released Status in dkms source package in Kinetic: Fix Committed Bug description: [Impact] With the current state of the DKMS package, if a user attempts to install any package that includes a third-party driver (Broadcom WiFi, VirtualBox, v4l2loobpack, etc.), the process of signing the newly built driver with a MOK key will fail silently. This means that any packages and hardware that require third-party drivers are currently unusable on a system with Secure Boot. This bug has been tested and verified to occur with the bcmwl-kernel-source package, but also is very likely to affect any other packages that use DKMS modules. This fix for this is in the -proposed pocket at the moment, and has been tested to work. [Test plan] 1: Obtain a system with UEFI, Secure Boot, and Broadcom WiFi. (If Broadcom WiFi is not an option, install VirtualBox in Step 9 rather than bcmwl-kernel-source.) 2. Install Ubuntu on the system, but do not enable the installation of third-party drivers. 3. When installation finishes, reboot. 4. When the system boots into the Ubuntu desktop, connect to the Internet without WiFi, and update all packages on the system. 5. Enable -proposed. 6. Update *just* the DKMS package with "sudo apt install dkms". 7. Disable -proposed. 8. Run "sudo apt install bcmwl-kernel-source". 9. Reboot and enroll the MOK, then reboot again. The WiFi adapter should begin working once Ubuntu boots. [Where problems could occur] Theoretically, a bug in the code could result in DKMS drivers still not being signed in some instances (though there are no known instances where this happens). But as Secure Boot + DKMS is already entirely broken, even this kind of breakage would be an improvement beyond what we already have. Given the rather obvious nature of such breakage, thorough testing should be able to detect it with ease. --- Original bug reports: Expected on kinetic: dkms will sign built modules with MOK key if requested. What happens: dkms outputs "Binary kmod-sign not found, modules won't be signed" Fix: update dkms to 3.0.7: https://github.com/dell/dkms/pull/242 --- dkms 3.0.6-2ubuntu2 is being tested in kinetic-proposed to resolve this issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1991725/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
