Package Details: arch-sign-modules 0.7.1-1

Git Clone URL: https://aur.archlinux.org/arch-sign-modules.git (read-only, click to copy)
Package Base: arch-sign-modules
Description: Signed (In Tree & Out of Tree) Kernel Modules for linux linux-lts linux-hardened linux-zen + AUR kernels
Upstream URL: https://github.com/itoffshore/Arch-SKM
Keywords: kernel modules signed
Licenses: MIT
Submitter: itoffshore
Maintainer: itoffshore
Last Packager: itoffshore
Votes: 4
Popularity: 0.071680
First Submitted: 2020-05-23 20:34 (UTC)
Last Updated: 2024-04-07 13:25 (UTC)

Dependencies (6)

Required by (0)

Sources (1)

Latest Comments

1 2 Next › Last »

micwoj92 commented on 2023-11-07 23:16 (UTC)

Please set pkgrel to 1.

EternalFlameIV commented on 2023-09-05 01:23 (UTC)

Couldn't independently reinstall the used driver since they all come in a package (referred to by dkms as digimend-kernel-drivers). Rebuilt and reinstalled the kernel via abk to no effect. (As an aside, modinfo as shown in previous comment shows 9 modules signed out of 9 and the module signatures to be identical between the nvidia and digimend drivers.)

itoffshore commented on 2023-09-04 14:45 (UTC)

@EternalFlameIV - you need to either dkms install hid-uclogic/xxxx (where xxxx is the module version number) - or reinstall the kernel

EternalFlameIV commented on 2023-09-04 14:40 (UTC)

Still no dice - created the link /etc/dkms/hid-uclogic.conf -> /etc/dkms/kernel-sign.conf, uninstalled, rebooted, and reinstalled digimend-kernel-drivers-dkms-git, and still getting a warning and kernel taint.

itoffshore commented on 2023-09-04 12:56 (UTC) (edited on 2023-09-04 12:57 (UTC) by itoffshore)

@EternalFlameIV - I think your /etc/dkms symlink names need to match what you modprobe

(so probably one of hid-kye hid-uclogic hid-polostar hid-viewsonic).conf

you are using digimend-kernel-drivers.conf

EternalFlameIV commented on 2023-09-04 12:45 (UTC)

Hello - I've been trying to get Digimend properly signed on linux-xanmod, but for some reason the kernel refuses to acknowledge the modules as signed:

[ +11.101242] usb 1-3: new full-speed USB device number 6 using xhci_hcd
[  +0.133763] usb 1-3: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 1.11
[  +0.000005] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  +0.000001] usb 1-3: Product: Huion Tablet
[  +0.000001] usb 1-3: Manufacturer: HUION
[  +0.001593] hid-generic 0003:256C:006D.0009: hiddev1,hidraw4: USB HID v1.10 Device [HUION Huion Tablet] on usb-0000:00:14.0-3/input0
[  +0.041569] input: HUION Huion Tablet as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.1/0003:256C:006D.000A/input/input40
[  +0.053220] hid-generic 0003:256C:006D.000A: input,hidraw6: USB HID v1.10 Device [HUION Huion Tablet] on usb-0000:00:14.0-3/input1
[  +0.765175] hid_uclogic: loading out-of-tree module taints kernel.
[  +0.000008] hid_uclogic: **module verification failed: signature and/or required key missing - tainting kernel**
[  +0.027304] input: HUION Huion Tablet as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/0003:256C:006D.0009/input/input41
[  +0.000247] input: HUION Huion Tablet Pad as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/0003:256C:006D.0009/input/input42
[  +0.000179] input: HUION Huion Tablet Touch Strip as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/0003:256C:006D.0009/input/input43
[  +0.000186] input: HUION Huion Tablet Dial as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/0003:256C:006D.0009/input/input44
[  +0.000181] uclogic 0003:256C:006D.0009: input,hidraw4: USB HID v1.10 Keypad [HUION Huion Tablet] on usb-0000:00:14.0-3/input0
[  +0.032870] uclogic 0003:256C:006D.000A: No inputs registered, leaving
[  +0.000068] uclogic 0003:256C:006D.000A: hidraw6: USB HID v1.10 Device [HUION Huion Tablet] on usb-0000:00:14.0-3/input1

Weirdly enough, I seem to have no problems with nvidia-dkms, which loads fine and does not throw a "signature verification failed" error at me.

[  +0.000054] nvidiafb 0000:02:00.0: enabling device (0000 -> 0003)
[  +0.000116] nvidiafb: Device ID: 10de1c92 
[  +0.000002] nvidiafb: unknown NV_ARCH
[  +1.225871] nvidia: module license 'NVIDIA' taints kernel.
[  +0.000003] Disabling lock debugging due to kernel taint
[  +0.000002] nvidia: module license taints kernel.
[  +0.009492] nvidia-nvlink: Nvlink Core is being initialized, major device number 507
[  +0.000004] NVRM: loading NVIDIA UNIX x86_64 Kernel Module  535.104.05  Sat Aug 19 01:15:15 UTC 2023
[  +0.138677] nvidia_uvm: module uses symbols nvUvmInterfaceDisableAccessCntr from proprietary module nvidia, inheriting taint.
[  +0.229354] nvidia-uvm: Loaded the UVM driver, major device number 505.
[  +0.022023] nvidia-modeset: Loading NVIDIA Kernel Mode Setting Driver for UNIX platforms  535.104.05  Sat Aug 19 00:59:57 UTC 2023
[  +0.011041] [drm] [nvidia-drm] [GPU ID 0x00000200] Loading driver
[  +0.018296] ACPI Warning: \_SB.PCI0.RP05.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Package] (20230331/nsarguments-61)
[  +0.611591] [drm] Initialized nvidia-drm 0.0.0 20160202 for 0000:02:00.0 on minor 1

My /etc/dkms and /var/lib/dkms look fine, if very slightly messy:

$ ls -l /etc/dkms/*
lrwxrwxrwx 1 root root   26 Aug 20 08:19 /etc/dkms/digimend-kernel-drivers.conf -> /etc/dkms/kernel-sign.conf
-rw-r--r-- 1 root root 1534 May  7 08:24 /etc/dkms/framework.conf
-rw-r--r-- 1 root root  209 Sep  4 00:45 /etc/dkms/kernel-sign.conf
-rwxr-xr-x 1 root root  425 Sep  4 00:45 /etc/dkms/kernel-sign.sh
lrwxrwxrwx 1 root root   26 Aug 20 08:19 /etc/dkms/nvidia.conf -> /etc/dkms/kernel-sign.conf

/etc/dkms/framework.conf.d:
total 0

$ ls -l /var/lib/dkms/*
-rw------- 1 root root 1704 Jul 10  2022 /var/lib/dkms/mok.key
-rw-r--r-- 1 root root  811 Jul 10  2022 /var/lib/dkms/mok.pub

/var/lib/dkms/digimend-kernel-drivers:
total 8
drwxr-xr-x 5 root root 4096 Sep  4 07:25 11.r1.geca6e1b
lrwxrwxrwx 1 root root   38 May 25 12:49 kernel-6.3.3-zen1-1-zen-x86_64 -> 11.r1.geca6e1b/6.3.3-zen1-1-zen/x86_64
lrwxrwxrwx 1 root root   38 Sep  4 07:25 kernel-6.4.12-arch1-1.1-x86_64 -> 11.r1.geca6e1b/6.4.12-arch1-1.1/x86_64
lrwxrwxrwx 1 root root   46 Sep  4 07:25 kernel-6.4.14-skylake-xanmod1-1-x86_64 -> 11.r1.geca6e1b/6.4.14-skylake-xanmod1-1/x86_64
drwxr-xr-x 3 root root 4096 Aug 20 20:48 original_module

/var/lib/dkms/nvidia:
total 8
drwxr-xr-x 5 root root 4096 Sep  4 07:15 535.104.05
lrwxrwxrwx 1 root root   34 Aug 31 16:39 kernel-6.4.11-arch2-1.1-x86_64 -> 535.104.05/6.4.11-arch2-1.1/x86_64
lrwxrwxrwx 1 root root   34 Aug 31 16:43 kernel-6.4.12-arch1-1.1-x86_64 -> 535.104.05/6.4.12-arch1-1.1/x86_64
lrwxrwxrwx 1 root root   42 Sep  4 07:15 kernel-6.4.14-skylake-xanmod1-1-x86_64 -> 535.104.05/6.4.14-skylake-xanmod1-1/x86_64
drwxr-xr-x 4 root root 4096 Aug 31 16:39 original_module

The modules in /lib/modules/${kernver}/updates/dkms also seem signed:

$ ls /lib/modules/6.4.14-skylake-xanmod1-1/updates/dkms
hid-kye.ko  hid-polostar.ko  hid-uclogic.ko  hid-viewsonic.ko  nvidia-drm.ko  nvidia.ko  nvidia-modeset.ko  nvidia-peermem.ko  nvidia-uvm.ko
$ modinfo /lib/modules/6.4.14-skylake-xanmod1-1/updates/dkms/* | grep signer
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key
signer:         Local Out of tree kernel module signing key

Is there something special about these modules that makes the kernel not like them? Is more work just needed to support more DKMS packages?

PrfStrwberry commented on 2022-10-20 09:53 (UTC) (edited on 2022-10-29 23:50 (UTC) by PrfStrwberry)

I will try it right away. Thank you!

EDIT: It works. Thank you!!

UPDATE 30/10/2022: actually none of my dkms modules get signed.

I didn't have the time, to run arch in a while. Today I came back and I am greeted with a black screen, when I select xanmod. I have also tried linux with the force module sign kernel argument.

When I remove the kernel boot parameter, the linux kernel boots without a problem. For the xanmod kernel I don"t even have the kernel parameter enabled.

I checked and none of the dkms modules are signed, even though the abk script is running without any problems.

What am I doing wrong? I might just give up and disable secureboot.

itoffshore commented on 2022-10-17 16:35 (UTC) (edited on 2022-10-19 19:12 (UTC) by itoffshore)

@PrfStrwberry - abk -i will look for packages in whatever you have configured in /etc/makepkg.conf for PKGDEST.

  • linux-xanmod support added in the current 0.5.2 version.

  • For others building AUR kernels see the AUR Kernel Notes for issues I noticed when testing abk.

I ==> Finished making: linux-xanmod 6.0.2-1 (Wed 19 Oct 2022 01:04:25 BST) - perhaps you could test the signed Nvidia module ? (I normally use an AMD GPU in Arch / Nvidia in a vm)

PrfStrwberry commented on 2022-10-17 05:19 (UTC)

Could you help me with my problem? I am trying to build linux-xanmod from aur and I need nvidia-dkms. So what I am doing is as follows:

I git clone from aur linux-xanmod into ~/kernelbuild folder, as suggested by Arch.

I then abk -u linux-xanmod, copy the code from the example to the PKGBUILD.

Then I do abk -b linux-xanmod.

It builds until the genkeys.py is called from the script. It cannot find the 'current ' folder. So what I do, is running genkeys.py -c myself. Now the 'current' folder exists and building continues.

After building it says log can be read at: and there is just an empty output. Anyway it finished, so on to the next step.

abk -i linux-xanmod

The linux-xanmod package does not exist.

So I am trying makepkg -si and I can install it, but when I restart into linux-xanmod, I just get a grey screen. I assume it's because nvidia-dkms is not booting with secure boot.

The linux kernel with nvidia-dkms and secure boot works flawless though.

afader commented on 2022-05-08 23:22 (UTC)

Got it working, thanks for the help & for maintaining this package!