On Mon, Feb 02, 2026 at 06:38:51PM +0000, David Howells wrote: > > Could you give more details on this use case and why it needs > > signatures, as opposed to e.g. loading an additional Merkle tree root > > into the kernel to add to the set of allowed modules? > > Because we don't want to, for example, include all the nvidia drivers in our > kernel SRPM.
That doesn't answer my question. Are you trying to say these modules need to be built later *and* signed using the original signing key? - Eric
