Third Party Module Signing for Secure Boot


One Line Summary

Discuss the various methods for signing and using third party modules with Secure Boot enabled.


The kernel currently has support for signing kernel modules, which can be used to ensure that Secure Boot is not circumvented by untrusted module code. While the existing in-kernel support can be used to sign out-of-tree drivers, the environment, tooling, and support implications make this somewhat unattractive.

Discussion on how to solve this in a generic fashion would be good.


  • Josh Boyer

    Red Hat


    Josh is one of the Linux kernel maintainers for the Fedora Project. He currently works for Red Hat doing the maintainer role as well as poking about in various areas of the kernel in general, including Secure Boot and PowerPC support. He resides in western Michigan.

Leave a private comment to organizers about this proposal