** Description changed: Ubuntu-4.4.0-20.36 was released with signed module enforcement enabled, but contained no way of disabling secure boot for DKMS. + + This patch set implements the ability to disable secure boot on demand + from user space (with some password shennaigans). If one boots in secure + boot mode and then installs a third party module (such as DKMS), then a + dialog is displayed giving the user an option to disable secure boot, + thereby also disabling module signature verification. Patch 1/2 is a + scaffold patch of which only the GUID macros are actually used. The rest + of the code is fenced by CONFIG_MODULE_SIG_UEFI which will not be + enabled until a later series. Patch 2/2 is where MOKSBState is read and + implemented. Patch 3/3 simply prints a bit more informative state + information. + + Information regarding secure boot and signed module enforcement will + appear in the kernel log thusly: + + 'Secure boot enabled' - normal secure boot operation with signed module enforcement. + 'Secure boot MOKSBState disabled' - UEFI Secure boot state has been over-ridden by MOKSBState. No signed module enforcement. + + In the absense of a 'Secure boot' string assume that secure boot is + disabled or does not exist.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1571691 Title: linux: MokSBState is ignored To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1571691/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
