N-Mc-Nally
commented
3 years ago @CommitThis could you fill out the details on this please?
Closed N-Mc-Nally closed 3 years ago
N-Mc-Nally
commented
3 years ago @CommitThis could you fill out the details on this please?
CommitThis
commented
3 years ago Sorted. Don't think this is a bug by the way. Would say it's more of a low priority issue.
N-Mc-Nally
commented
3 years ago Thanks @CommitThis, much appreciated! @toganlabs Gawen fleshed out the details here.
johntoomey
commented
3 years ago closing this as it should be done as part of this: https://github.com/NetworkGradeLinux/mion/issues/90
One platform that we are aware of requires a modified kernel driver in order to properly bring up a network interface, a driver which overrides an already existing in-tree module. In Ubuntu, we packaged the module in a Debian package and used DKMS to allow automatic re-compilation on the event of a kernel upgrade.
With respect to Mion, this is less of an issue as we can patch the in-tree module before the kernel is built. However, I wasn't sure whether you are able to update the kernel without producing a new image, and what effect that might have on modules in general.
If we were to use out-of-tree modules, I believe this may taint the kernel, and consequently, secure boot may fail to verify and boot the kernel, but to be honest, I'm not sure this is right. Having said that, I believe that MOK can help regenerate verification keys on the event of a kernel module change.