* [ISSUE] ZFS module loading fails on newer kernels in BIOS mode
@ 2024-10-12 18:08 notramo
2024-10-13 0:39 ` Duncaen
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: notramo @ 2024-10-12 18:08 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 739 bytes --]
New issue by notramo on void-packages repository
https://github.com/void-linux/void-packages/issues/52618
Description:
### Is this a new report?
Yes
### System Info
Void 6.1.106_1 x86_64-musl GenuineIntel uptodate rrnFF
### Package(s) Affected
linux
### Does a report exist for this bug with the project's home (upstream) and/or another distro?
no
### Expected behaviour
System boots successfully on ZFS root with BIOS mode, and lockdown active. I don't know if BIOS is a cause, or it would fail also on UEFI.
### Actual behaviour
ZFS module loading fails because the DKMS-built module is not signed.
`linux-lts` works even with lockdown.
### Steps to reproduce
Install ZFS, and try to load it on newer-than-lts kernels.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: ZFS module loading fails on newer kernels in BIOS mode
2024-10-12 18:08 [ISSUE] ZFS module loading fails on newer kernels in BIOS mode notramo
@ 2024-10-13 0:39 ` Duncaen
2024-10-13 0:44 ` Duncaen
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Duncaen @ 2024-10-13 0:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 183 bytes --]
New comment by Duncaen on void-packages repository
https://github.com/void-linux/void-packages/issues/52618#issuecomment-2408765785
Comment:
Its not supposed to work with lockdown.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: ZFS module loading fails on newer kernels in BIOS mode
2024-10-12 18:08 [ISSUE] ZFS module loading fails on newer kernels in BIOS mode notramo
2024-10-13 0:39 ` Duncaen
@ 2024-10-13 0:44 ` Duncaen
2024-10-13 0:44 ` [ISSUE] [CLOSED] " Duncaen
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Duncaen @ 2024-10-13 0:44 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 268 bytes --]
New comment by Duncaen on void-packages repository
https://github.com/void-linux/void-packages/issues/52618#issuecomment-2408765785
Comment:
Its not supposed to work with lockdown.
Edit: Module signing wasn't enabled in the old kernels, so its not enforcing it.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [ISSUE] [CLOSED] ZFS module loading fails on newer kernels in BIOS mode
2024-10-12 18:08 [ISSUE] ZFS module loading fails on newer kernels in BIOS mode notramo
2024-10-13 0:39 ` Duncaen
2024-10-13 0:44 ` Duncaen
@ 2024-10-13 0:44 ` Duncaen
2024-10-13 12:17 ` notramo
2024-10-13 20:52 ` Duncaen
4 siblings, 0 replies; 6+ messages in thread
From: Duncaen @ 2024-10-13 0:44 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 742 bytes --]
Closed issue by notramo on void-packages repository
https://github.com/void-linux/void-packages/issues/52618
Description:
### Is this a new report?
Yes
### System Info
Void 6.1.106_1 x86_64-musl GenuineIntel uptodate rrnFF
### Package(s) Affected
linux
### Does a report exist for this bug with the project's home (upstream) and/or another distro?
no
### Expected behaviour
System boots successfully on ZFS root with BIOS mode, and lockdown active. I don't know if BIOS is a cause, or it would fail also on UEFI.
### Actual behaviour
ZFS module loading fails because the DKMS-built module is not signed.
`linux-lts` works even with lockdown.
### Steps to reproduce
Install ZFS, and try to load it on newer-than-lts kernels.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: ZFS module loading fails on newer kernels in BIOS mode
2024-10-12 18:08 [ISSUE] ZFS module loading fails on newer kernels in BIOS mode notramo
` (2 preceding siblings ...)
2024-10-13 0:44 ` [ISSUE] [CLOSED] " Duncaen
@ 2024-10-13 12:17 ` notramo
2024-10-13 20:52 ` Duncaen
4 siblings, 0 replies; 6+ messages in thread
From: notramo @ 2024-10-13 12:17 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 382 bytes --]
New comment by notramo on void-packages repository
https://github.com/void-linux/void-packages/issues/52618#issuecomment-2408956945
Comment:
@Duncaen, Lockdown is a very useful tool, module signing enforcement is only a small part of it. I guess all DKMS modules are forbidden when it's enabled. Is there a way to work around only the signing, but keep all the lockdown features?
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: ZFS module loading fails on newer kernels in BIOS mode
2024-10-12 18:08 [ISSUE] ZFS module loading fails on newer kernels in BIOS mode notramo
` (3 preceding siblings ...)
2024-10-13 12:17 ` notramo
@ 2024-10-13 20:52 ` Duncaen
4 siblings, 0 replies; 6+ messages in thread
From: Duncaen @ 2024-10-13 20:52 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 371 bytes --]
New comment by Duncaen on void-packages repository
https://github.com/void-linux/void-packages/issues/52618#issuecomment-2409120923
Comment:
You might be able to disable just module signing with `module.sig_enforce=0` on the kernel cmdline, not sure about that though.
Otherwise maybe enrolling your keys and enable signing in dkms. https://wiki.debian.org/SecureBoot
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-10-13 20:52 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-12 18:08 [ISSUE] ZFS module loading fails on newer kernels in BIOS mode notramo
2024-10-13 0:39 ` Duncaen
2024-10-13 0:44 ` Duncaen
2024-10-13 0:44 ` [ISSUE] [CLOSED] " Duncaen
2024-10-13 12:17 ` notramo
2024-10-13 20:52 ` Duncaen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).