I can clarify what's happening in the kernel. There are two bugs, and one is masking the other.
The first bug is that we don't use the secondary keyring for verifying module signatures. The secondary keyring is where the MOK ends. The second bug is that we aren't enforcing that modules must be signed when under lockdown. So even though signature verification fails due to the first bug the module is still allowed to load. I have patches for both bugs. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1798863 Title: 18.10 kernel does not appear to validate kernel module signatures correctly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798863/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
