Package Details: arch-sign-modules 0.5.5-0

Git Clone URL: https://aur.archlinux.org/arch-sign-modules.git (read-only, click to copy)
Package Base: arch-sign-modules
Description: Signed (In Tree & Out of Tree) Kernel Modules for linux linux-lts linux-hardened linux-zen + AUR kernels
Upstream URL: https://github.com/itoffshore/Arch-SKM
Keywords: kernel modules signed
Licenses: GPL
Submitter: itoffshore
Maintainer: itoffshore
Last Packager: itoffshore
Votes: 1
Popularity: 0.000542
First Submitted: 2020-05-23 20:34 (UTC)
Last Updated: 2023-01-05 22:07 (UTC)

Latest Comments

PrfStrwberry commented on 2022-10-20 09:53 (UTC) (edited on 2022-10-29 23:50 (UTC) by PrfStrwberry)

I will try it right away. Thank you!

EDIT: It works. Thank you!!

UPDATE 30/10/2022: actually none of my dkms modules get signed.

I didn't have the time, to run arch in a while. Today I came back and I am greeted with a black screen, when I select xanmod. I have also tried linux with the force module sign kernel argument.

When I remove the kernel boot parameter, the linux kernel boots without a problem. For the xanmod kernel I don"t even have the kernel parameter enabled.

I checked and none of the dkms modules are signed, even though the abk script is running without any problems.

What am I doing wrong? I might just give up and disable secureboot.

itoffshore commented on 2022-10-17 16:35 (UTC) (edited on 2022-10-19 19:12 (UTC) by itoffshore)

@PrfStrwberry - abk -i will look for packages in whatever you have configured in /etc/makepkg.conf for PKGDEST.

  • linux-xanmod support added in the current 0.5.2 version.

  • For others building AUR kernels see the AUR Kernel Notes for issues I noticed when testing abk.

I ==> Finished making: linux-xanmod 6.0.2-1 (Wed 19 Oct 2022 01:04:25 BST) - perhaps you could test the signed Nvidia module ? (I normally use an AMD GPU in Arch / Nvidia in a vm)

PrfStrwberry commented on 2022-10-17 05:19 (UTC)

Could you help me with my problem? I am trying to build linux-xanmod from aur and I need nvidia-dkms. So what I am doing is as follows:

I git clone from aur linux-xanmod into ~/kernelbuild folder, as suggested by Arch.

I then abk -u linux-xanmod, copy the code from the example to the PKGBUILD.

Then I do abk -b linux-xanmod.

It builds until the genkeys.py is called from the script. It cannot find the 'current ' folder. So what I do, is running genkeys.py -c myself. Now the 'current' folder exists and building continues.

After building it says log can be read at: and there is just an empty output. Anyway it finished, so on to the next step.

abk -i linux-xanmod

The linux-xanmod package does not exist.

So I am trying makepkg -si and I can install it, but when I restart into linux-xanmod, I just get a grey screen. I assume it's because nvidia-dkms is not booting with secure boot.

The linux kernel with nvidia-dkms and secure boot works flawless though.

afader commented on 2022-05-08 23:22 (UTC)

Got it working, thanks for the help & for maintaining this package!

itoffshore commented on 2022-05-07 19:37 (UTC) (edited on 2022-05-07 19:37 (UTC) by itoffshore)

@afader - sounds like maybe an issue with your dkms config. This is what my /etc/dkms looks like:

-rw-r--r-- 1 root root 1.1K Dec 17 10:25 framework.conf
-rw-r--r-- 1 root root  209 May  4 17:37 kernel-sign.conf
-rwxr-xr-x 1 root root  425 May  4 17:37 kernel-sign.sh
lrwxrwxrwx 1 root root   26 May  4 20:55 lkrg.conf -> /etc/dkms/kernel-sign.conf
lrwxrwxrwx 1 root root   26 May  4 19:26 nvidia.conf -> /etc/dkms/kernel-sign.conf
lrwxrwxrwx 1 root root   26 May  4 19:26 zfs.conf -> /etc/dkms/kernel-sign.conf

I have noticed in the past dkms upgrades have left /var/lib/dkms in need of tidying up. My /var/lib/dkms/* looks like:

/var/lib/dkms/lkrg:
total 8.0K
drwxr-xr-x 1 root root 92 May  4 21:37 0.9.3
lrwxrwxrwx 1 root root 26 May  4 21:33 kernel-5.15.37-1-lts-x86_64 -> 0.9.3/5.15.37-1-lts/x86_64                                                                                            
lrwxrwxrwx 1 root root 40 May  4 21:37 kernel-5.17.5-hardened1-1-hardened-x86_64 -> 0.9.3/5.17.5-hardened1-1-hardened/x86_64

/var/lib/dkms/nvidia:
total 12K
drwxr-xr-x 1 root root 148 May  5 17:04 510.68.02
lrwxrwxrwx 1 root root  30 May  5 17:03 kernel-5.15.37-1-lts-x86_64 -> 510.68.02/5.15.37-1-lts/x86_64                                                                                       
lrwxrwxrwx 1 root root  44 May  5 17:03 kernel-5.17.5-hardened1-1-hardened-x86_64 -> 510.68.02/5.17.5-hardened1-1-hardened/x86_64
drwxr-xr-x 1 root root  56 May  5 17:04 original_module

/var/lib/dkms/zfs:
total 8.0K
drwxr-xr-x 1 root root 92 May  4 21:37 2.1.4
lrwxrwxrwx 1 root root 26 May  4 21:33 kernel-5.15.37-1-lts-x86_64 -> 2.1.4/5.15.37-1-lts/x86_64                                                                                            
lrwxrwxrwx 1 root root 40 May  4 21:37 kernel-5.17.5-hardened1-1-hardened-x86_64 -> 2.1.4/5.17.5-hardened1-1-hardened/x86_64

I've just rebuilt linux-hardened-5.17.5 with version 0.3.3

My modules live under /lib/modules/5.17.5-hardened1-1-hardened/updates/dkms

icp.ko.zst         nvidia-modeset.ko.zst  p_lkrg.ko.zst  zcommon.ko.zst  znvpair.ko.zst
nvidia-drm.ko.zst  nvidia-peermem.ko.zst  spl.ko.zst     zfs.ko.zst      zunicode.ko.zst
nvidia.ko.zst      nvidia-uvm.ko.zst      zavl.ko.zst    zlua.ko.zst     zzstd.ko.zst

& are all signed:

modinfo /lib/modules/5.17.5-hardened1-1-hardened/updates/dkms/* | grep Local
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key

I did catch a bug or two with the latest updates - perhaps try the latest version ?

afader commented on 2022-05-07 19:03 (UTC)

Possibly my own fault from trying to get this to work with the previous manual steps and previous iteration of the package, but when I install this and run the various prescribed akb commands, while it builds the linux-hardened kernel, it renders my nvidia-dkms broken and then when I build with mkinitcpio I do not get nvidia modules.