On Tue, Feb 20, 2018 at 2:51 PM Matthew Garrett <[email protected]> wrote:
> Distributions build kernels that are intended to satisfy multiple > use-cases. One is that kernels must be usable in scenarios where module > signing is required (such as many Secure Boot policies) and scenarios > where it isn't (such as booting the same kernel on a legacy BIOS > system). This requires that CONFIG_MODULE_SIG be set, but this causes a > change in behaviour for the legacy platform case - loading an unsigned > module now taints the kernel. This is a change in behaviour, and may > cause users to file bugs, increasing distribution support load. Sorry, just realised I sent the wrong version of this - I'll resend.

