Re: Upcoming changes to Debian Linux kernel packages

On Mon, 2023-09-25 at 04:35 +0200, Andreas Beckmann wrote: > On 25/09/2023 00.50, Bastian Blank wrote: > > Already built modules remain until someone deletes it.  So you can > > also > > switch back to the still installed older kernel version and it will > > have > > the still working module availa

Re: Upcoming changes to Debian Linux kernel packages

On 25/09/2023 00.50, Bastian Blank wrote: Already built modules remain until someone deletes it. So you can also switch back to the still installed older kernel version and it will have the still working module available. This is what I expect not to work. Assume I have Linux 6.6 and a third-

Re: Bug#1040901: Upcoming changes to Debian Linux kernel packages

Hi Ben On Sun, Sep 24, 2023 at 06:05:09PM +0200, Ben Hutchings wrote: > On Sun, 2023-09-24 at 15:01 +0200, Bastian Blank wrote: > > The same upstream version in testing and backports will have the same > > package name. > This is not OK, because they will be incompatible on architectures > support

Re: Upcoming changes to Debian Linux kernel packages

Hi Andreas On Sun, Sep 24, 2023 at 11:10:36PM +0200, Andreas Beckmann wrote: > On 24/09/2023 15.01, Bastian Blank wrote: > > ## Kernel modules will be signed with an ephemeral key > > > > The modules will not longer be signed using the Secure Boot CA like the > > EFI kernel image itself. Instead

Re: Upcoming changes to Debian Linux kernel packages

On 24/09/2023 15.01, Bastian Blank wrote: ## Kernel modules will be signed with an ephemeral key The modules will not longer be signed using the Secure Boot CA like the EFI kernel image itself. Instead a key will be created during the build and thrown away after. Do I correctly assume that ch

Re: Bug#1040901: Upcoming changes to Debian Linux kernel packages

On Sun, 2023-09-24 at 15:01 +0200, Bastian Blank wrote: [...] > ## Kernel modules will be signed with an ephemeral key > > The modules will not longer be signed using the Secure Boot CA like the > EFI kernel image itself. Instead a key will be created during the build > and thrown away after. >

Upcoming changes to Debian Linux kernel packages

Hi folks Debian currently does Secure Boot signing using a shim chained to the Microsoft key. This use requires that we follow certain rules. And one of the recent changes to those rules state that our method of signing kernel modules also with the same key will not be allowed anymore. Some inf