[Disco] LP:1764792 -- produce signatures for nvidia dkms modules

Message ID 20181219154020.GA4659@brain
State New

Pull-request

git://git.launchpad.net/~apw/ubuntu/+source/linux/+git/disco build-nvidia-signatures

Message

Andy Whitcroft Dec. 19, 2018, 3:40 p.m. UTC
We are working up to producing signed Nvidia modules.  We cannot ship
those assembled due to licensing but we wish for the result to be a
working .ko which is signed into the kernel's kernel-module signing key.

To do this we will build the dkms modules in a reproducible manner which
allows them to be linked on installation on the end-user system (meeting
the licensing constraints).  As the build is reproducible we are able
to build, sign, and discard the modules in the primary kernel build
keeping only the signatures.  These will then be consumed by a linux-lrm
package which will produce the same reproducible build pieces (unlinked)
and incorporate the associated signature.  Later when installed the .kos
can be linked and that signature applied so they are loadable under
signing.

Proposing for application to disco.

-apw

The following changes since commit 7df2ac79ed6d256af0c4f13ac2b8671c585ed9ca:

  UBUNTU: update dkms package versions (2018-12-11 14:37:04 -0600)

are available in the Git repository at:

  git://git.launchpad.net/~apw/ubuntu/+source/linux/+git/disco build-nvidia-signatures

for you to fetch changes up to 68aace1f2ec40a2a280d03e4f167e154697e256b:

  UBUNTU: [Packaging] nvidia -- make nvidia package version explicit (2018-12-19 10:46:35 +0000)

----------------------------------------------------------------
  * Build Nvidia drivers in conjunction with kernel (LP: #1764792)
    - [Packaging] dkms -- add per package post-process step
    - [Packaging] dkms -- switch to a consistent build prefix length and strip
    - [Packaging] nvidia -- build and sign nvidia packages and ship signatures
    - [Packaging] nvidia -- make nvidia package version explicit
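
The build, sign, discard and re-apply flow described in the cover letter above, as an added Python example (not part of the original message and not Ubuntu's packaging code). It uses the kernel's appended-signature layout (signature blob, 12-byte `struct module_signature`, magic string); the function names, the SHA-256 reproducibility check and the sample bytes are assumptions made for illustration, and the signature blob is a constructed placeholder, not a real PKCS#7 signature.

```python
import hashlib
import struct

MAGIC = b"~Module signature appended~\n"  # marker the kernel looks for at end of file
TRAILER = struct.Struct(">BBBBB3xI")       # struct module_signature (12 bytes)
PKEY_ID_PKCS7 = 2                          # id_type used for PKCS#7 module signatures

def attach(payload, sig):
    """Append a signature blob to an unsigned module in the kernel layout."""
    return payload + sig + TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(sig)) + MAGIC

def detach(signed):
    """Split a signed module into (unsigned payload, signature blob)."""
    if not signed.endswith(MAGIC):
        raise ValueError("no appended module signature")
    end = len(signed) - len(MAGIC) - TRAILER.size
    if end < 0:
        raise ValueError("truncated signature trailer")
    _, _, id_type, _, _, sig_len = TRAILER.unpack_from(signed, end)
    if id_type != PKEY_ID_PKCS7 or sig_len > end:
        raise ValueError("malformed signature trailer")
    return signed[:end - sig_len], signed[end - sig_len:end]

def record_signature(signed):
    """Build side: keep only the signature and a digest of the signed bytes."""
    payload, sig = detach(signed)
    return {"sha256": hashlib.sha256(payload).hexdigest(), "sig": sig}

def apply_signature(rebuilt, rec):
    """Install side: re-attach only if the local link reproduced the signed bytes."""
    if hashlib.sha256(rebuilt).hexdigest() != rec["sha256"]:
        raise ValueError("rebuilt module differs from the signed build")
    return attach(rebuilt, rec["sig"])

if __name__ == "__main__":
    # Constructed sample data: stand-ins for a linked .ko and its signature.
    module = b"\x7fELF" + b"constructed module bytes"
    fake_sig = b"CONSTRUCTED-PLACEHOLDER-NOT-REAL-PKCS7"
    rec = record_signature(attach(module, fake_sig))  # module is then discarded
    print(apply_signature(module, rec) == attach(module, fake_sig))
    try:
        apply_signature(module + b"\x00", rec)  # a non-reproducible rebuild
    except ValueError as err:
        print("rejected:", err)
```

A rebuild that differs by even one byte is rejected before the signature is attached, which is the same condition under which the kernel would refuse the module at load time.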

Comments

Seth Forshee Jan. 9, 2019, 4:53 p.m. UTC | #1
On Wed, Dec 19, 2018 at 03:40:20PM +0000, Andy Whitcroft wrote:
> We are working up to producing signed Nvidia modules.  We cannot ship
> those assembled due to licensing but we wish for the result to be a
> working .ko which is signed into the kernel's kernel-module signing key.
> 
> To do this we will build the dkms modules in a reproducible manner which
> allows them to be linked on installation on the end-user system (meeting
> the licensing constraints).  As the build is reproducible we are able
> to build, sign, and discard the modules in the primary kernel build
> keeping only the signatures.  These will then be consumed by a linux-lrm
> package which will produce the same reproducible build pieces (unlinked)
> and incorporate the associated signature.  Later when installed the .kos
> can be linked and that signature applied so they are loadable under
> signing.
> 
> Proposing for application to disco.

Applied to disco/master-next and unstable/master, thanks!