Ask Your Question

Revision history [back]

I wonder if RPMFusion kernel modules are signed with Fedora signing key, but if it is true, you have 3 options:

  1. Wait for RPMFusion to build new kmod- packages. You can't use akmod for a system with Secure boot enabled because, just like dkms, the modules won't be signed and kernel will refuse to load them.
    1. Disable Secure boot. AFAIK, Fedora should boot without any problems if you disable secure boot after installation (Even if it has, you can enable it again and it must work).
    2. (Hard way!) Create your own key pairs, enroll it into UEFI, and sign everything (shim, grub2, kernel and all modules) with your own keys!

I wonder if RPMFusion kernel modules are signed with Fedora signing key, but if it is true, you have 3 options:

  1. Wait for RPMFusion to build new kmod- packages. You can't use akmod for a system with Secure boot enabled because, just like dkms, the modules won't be signed and kernel will refuse to load them.
    1. Disable Secure boot. AFAIK, Fedora should boot without any problems if you disable secure boot after installation (Even if it has, you can enable it again and it must work).
    2. (Hard way!) Create your own key pairs, enroll it into UEFI, and sign everything (shim, grub2, kernel and all modules) with your own keys!keys! Update: If you can add your own key to UEFI (you might be able to do it using UEFI's own setup screens or using mokutils package in Fedora) in addition to existing keys, then it is enough to sign only the module you compile yourself. As far as I see, Fedora kernel should consider all keys available in UEFI in addition to its own key, and loads kernel modules if they are signed with any of them. I still wonder if RPMFusion kmod's work on Fedora, and how.