[Kernel-packages] [Bug 1918134] Re: LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key

Launchpad Bug Tracker Mon, 12 Apr 2021 07:36:16 -0700

This bug was fixed in the package linux-restricted-modules -
5.8.0-49.55+1

---------------
linux-restricted-modules (5.8.0-49.55+1) groovy; urgency=medium


  * LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key
    (LP: #1918134)
    - [Packaging] convert to v4 autogen form

linux-restricted-modules (5.8.0-49.55) groovy; urgency=medium

  * Master version: 5.8.0-49.55

  * Miscellaneous Ubuntu changes
    - debian/dkms-versions -- update from master

 -- Stefan Bader <[email protected]>  Wed, 07 Apr 2021 15:53:36
+0200

** Changed in: linux-restricted-modules (Ubuntu Groovy)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-restricted-modules in Ubuntu.
https://bugs.launchpad.net/bugs/1918134

Title:
  LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing
  key

Status in linux package in Ubuntu:
  Fix Released
Status in linux-restricted-modules package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  In Progress
Status in linux-restricted-modules source package in Bionic:
  New
Status in linux source package in Focal:
  In Progress
Status in linux-restricted-modules source package in Focal:
  Fix Released
Status in linux source package in Groovy:
  In Progress
Status in linux-restricted-modules source package in Groovy:
  Fix Released
Status in linux source package in Hirsute:
  Fix Released
Status in linux-restricted-modules source package in Hirsute:
  Fix Released

Bug description:
  To allow decoupling of nvidia-graphics-drivers-<version> streams and
  versions from the underlying kernel versions we wish to be able to
  sign new kernel modules into an existing kernel after the fact.  Under
  bug #1898716 we added support for an Ubuntu Modules signing key
  certificate.  Rebuild the LRM package to make use of this new
  signature.

  This involves splitting the LRM package into three.  linux-restricted-
  modules first builds the nvidia-graphics-drivers-* we require signed.
  linux-restricted-generate then consumes the .o's produced in that
  build and forms a signing custom binary upload for this.  linux-
  restricted-signatures then consumes the signing result from the LRG
  upload and expresses clean redistributible signatures which are
  consumed by LRM at installation time.  LRG must be embargoed as it
  (necessarily) generates fully formed .ko files for signing.

  Additional process is added to the kernel build life-cycle to handle
  the privacy requirements of the LRG/LRS interaction.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1918134/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1918134] Re: LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key

Reply via email to