Hello,
I just noticed some errors when running
journalctl -p 3 -xb

systemd-modules-load: Failed to insert module 'acpi_call': Key was rejected by service
systemd-modules-load: Failed to insert module 'acpi_call': Key was rejected by service
systemd: Failed to start Load Kernel Modules.

I have this in my /etc/default/grub for kernel parameters:
GRUB_CMDLINE_LINUX_DEFAULT="... module.sig_enforce=1 ..."
GRUB_CMDLINE_LINUX="... module.sig_enforce=1 ..."

I would assume that the error is related to that and that acpi_call and acpi_call-lts are not signed!
Since this isn't really a part of the linux kernel but in the official repos, I don't know if this behaviour is intended or not, but having those packages signed would be a great idea in my opinion.
Note: I am pretty unfamiliar with the topic, but I wonder if there is a way to ship the package in the repo and have it automatically signed so it can be loaded when it is enforced?
Additional info: I also don't know how for example nvidia modules behave or other modules, my /etc/mkinitcpio.conf would look like this if on NVIDIA:
MODULES=(btrfs nvidia nvidia_modeset nvidia_uvm nvidia_drm)

Last edited by leomeinel (2022-09-23 18:55:17)
Another thing I was wondering about is how -dkms packages behave. For example when I'd install acpi-dkms or nvidia-dkms. Would the modules automatically be signed by the kernel?
And yes, I did some research on the general topic, actually a lot but I couldn't really find anything that helped me with this exact question or the ones from before sadly.
There is arch-sign-modules but it seems like maintenance hell to me.
Last edited by leomeinel (2022-09-23 18:44:22)
Kernel packages generate a new key pair for each build. The private key is not packaged / shared so can not be used to sign modules built in separate packages.
https://github.com/archlinux/svntogit-p … b952d4e55d
Okay, thanks for the reply! That clears up some of my questions. I will mark this as solved since there probably isn't a way to solve this in the repos anyways. I guess not enforcing signed modules is the easiest option.
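Added example, not part of the original thread and not Arch's own tooling: a small Python check for whether an uncompressed .ko file carries the appended signature trailer that the kernel looks for when module.sig_enforce=1 is set. The function names and the sample bytes are constructed for illustration; compressed modules (.ko.zst, .ko.xz) have to be decompressed before they are passed in.

```python
import struct
import sys

MAGIC = b"~Module signature appended~\n"  # marker at the very end of a signed module
TRAILER = struct.Struct(">BBBBB3xI")       # struct module_signature: 5 x u8, 3 pad bytes, be32 sig_len
PKEY_ID_PKCS7 = 2                          # id_type written by the kernel's sign-file tool


def module_signature_info(blob: bytes):
    """Return None for an unsigned module, else a dict describing the trailer."""
    if not blob.endswith(MAGIC):
        return None
    body = blob[:-len(MAGIC)]
    if len(body) < TRAILER.size:
        raise ValueError("truncated signature trailer")
    algo, hash_, id_type, signer_len, key_id_len, sig_len = TRAILER.unpack(
        body[-TRAILER.size:])
    payload_end = len(body) - TRAILER.size
    if sig_len + signer_len + key_id_len > payload_end:
        raise ValueError("signature length exceeds file size")
    return {
        "id_type": id_type,
        "pkcs7": id_type == PKEY_ID_PKCS7,
        "sig_len": sig_len,
        # bytes of actual module contents that the signature covers
        "module_len": payload_end - sig_len - signer_len - key_id_len,
    }


def constructed_samples():
    """Build an unsigned and a 'signed' sample (constructed bytes, not a real module)."""
    elf = b"\x7fELF" + b"\x00" * 60         # 64-byte stand-in for module contents
    fake_sig = b"\x30\x82" + b"\xaa" * 30   # 32 placeholder bytes, not a valid PKCS#7 blob
    trailer = TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(fake_sig))
    return elf, elf + fake_sig + trailer + MAGIC


if __name__ == "__main__":
    for path in sys.argv[1:]:               # e.g. a decompressed acpi_call.ko
        with open(path, "rb") as fh:
            info = module_signature_info(fh.read())
        print(path, "unsigned" if info is None else info)
```

A trailer being present only shows that the module was signed by someone; the kernel still rejects it unless the signing key is one it trusts, which is why a key pair generated per kernel build does not help separately built modules.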