[Disco] LP:1764792 -- produce signatures for nvidia dkms modules


Andy Whitcroft-3
We are working up to producing signed Nvidia modules.  We cannot ship
those assembled due to licensing but we wish for the result to be a
working .ko which is signed into the kernel's kernel-module signing key.

To do this we will build the dkms modules in a reproducible manner which
allows them to be linked on installation on the end-user system (meeting
the licensing constraints).  As the build is reproducible we are able
to build, sign, and discard the modules in the primary kernel build
keeping only the signatures.  These will then be consumed by a linux-lrm
package which will produce the same reproducible build pieces (unlinked)
and incorporate the associated signature.  Later when installed the .kos
can be linked and that signature applied so they are loadable under
signing.

Proposing for application to disco.

-apw

The following changes since commit 7df2ac79ed6d256af0c4f13ac2b8671c585ed9ca:

  UBUNTU: update dkms package versions (2018-12-11 14:37:04 -0600)

are available in the Git repository at:

  git://git.launchpad.net/~apw/ubuntu/+source/linux/+git/disco build-nvidia-signatures

for you to fetch changes up to 68aace1f2ec40a2a280d03e4f167e154697e256b:

  UBUNTU: [Packaging] nvidia -- make nvidia package version explicit (2018-12-19 10:46:35 +0000)

----------------------------------------------------------------
  * Build Nvidia drivers in conjunction with kernel (LP: #1764792)
    - [Packaging] dkms -- add per package post-process step
    - [Packaging] dkms -- switch to a consistent build prefix length and strip
    - [Packaging] nvidia -- build and sign nvidia packages and ship signatures
    - [Packaging] nvidia -- make nvidia package version explicit

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
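
An added illustration of the scheme described in the message above (not code from the Ubuntu packaging): the build side keeps only a detached signature and the digest it covers, and the install side appends that signature to the locally linked module using the kernel's appended-signature trailer layout. The function names, the SHA-256 record and the placeholder signature bytes are assumptions of this example.

```python
import hashlib
import struct

MAGIC = b"~Module signature appended~\n"  # trailer marker the module loader looks for
PKEY_ID_PKCS7 = 2                          # id_type value for a PKCS#7 signature
INFO = ">5B3xI"  # algo, hash, id_type, signer_len, key_id_len, pad[3], be32 sig_len

# Constructed sample data: stand-ins for a linked .ko and its PKCS#7 signature.
SAMPLE_MODULE = b"\x7fELF" + b"constructed nvidia.ko contents" * 4
SAMPLE_SIG = b"constructed-pkcs7-placeholder"

def record(module: bytes, pkcs7: bytes) -> dict:
    """Build side: sign, discard the module, keep the signature and covered digest."""
    return {"sha256": hashlib.sha256(module).hexdigest(), "sig": pkcs7}

def attach(rebuilt: bytes, rec: dict) -> bytes:
    """Install side: append the shipped signature to the locally linked module."""
    if hashlib.sha256(rebuilt).hexdigest() != rec["sha256"]:
        # Any byte of drift means the signature no longer covers this file.
        raise ValueError("rebuilt module differs from the signed build")
    info = struct.pack(INFO, 0, 0, PKEY_ID_PKCS7, 0, 0, len(rec["sig"]))
    return rebuilt + rec["sig"] + info + MAGIC

def split(signed: bytes) -> tuple:
    """Peel the trailer off again, returning (module bytes, signature bytes)."""
    if not signed.endswith(MAGIC):
        raise ValueError("no appended signature")
    body = signed[: -len(MAGIC)]
    size = struct.calcsize(INFO)
    if len(body) < size:
        raise ValueError("truncated signature info")
    fields = struct.unpack(INFO, body[-size:])
    id_type, sig_len = fields[2], fields[5]
    cut = len(body) - size - sig_len
    if id_type != PKEY_ID_PKCS7 or cut < 0:
        raise ValueError("malformed signature info")
    return body[:cut], body[cut : len(body) - size]

if __name__ == "__main__":
    rec = record(SAMPLE_MODULE, SAMPLE_SIG)
    signed = attach(SAMPLE_MODULE, rec)
    print(len(signed), split(signed) == (SAMPLE_MODULE, SAMPLE_SIG))
```

The digest check is what makes reproducibility a hard requirement here: a rebuilt module that differs by one byte is rejected before a signature that cannot verify is attached to it.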
APPLIED: [Disco] LP:1764792 -- produce signatures for nvidia dkms modules

Seth Forshee
On Wed, Dec 19, 2018 at 03:40:20PM +0000, Andy Whitcroft wrote:

> We are working up to producing signed Nvidia modules.  We cannot ship
> those assembled due to licensing but we wish for the result to be a
> working .ko which is signed into the kernel's kernel-module signing key.
>
> To do this we will build the dkms modules in a reproducible manner which
> allows them to be linked on installation on the end-user system (meeting
> the licensing constraints).  As the build is reproducible we are able
> to build, sign, and discard the modules in the primary kernel build
> keeping only the signatures.  These will then be consumed by a linux-lrm
> package which will produce the same reproducible build pieces (unlinked)
> and incorporate the associated signature.  Later when installed the .kos
> can be linked and that signature applied so they are loadable under
> signing.
>
> Proposing for application to disco.

Applied to disco/master-next and unstable/master, thanks!
