A signed kernel module and a signed kernel have different security properties: a signed kernel has access to the firmware state prior to calling ExitBootServices, a module does not. So, no, this implementation in the shim package which was implemented specifically to support dkms modules should not be changed to support signing kernels.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939565 Title: kernel signed by mok failed to boot if secure boot is on To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1939565/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
