Hi,
I recently switched to Arch. I am running a linux-hardened kernel and I noticed that the only nvidia proprietary driver package currently supported for linux-hardened is nvidia-dkms.
I also noticed that there are other packages, nvidia and nvidia-lts, providing support for the linux and linux-lts kernels respectively. I would ideally not want to have the dkms package installed on my system since I don't use any custom out-of-tree kernel modules, and having dkms seems to possibly increase the attack surface.
Since linux-hardened is a kernel officially provided by Arch itself, it would be great if a package "nvidia-hardened" could also be added to the list of officially provided packages. I had a look at the PKGBUILD of nvidia and nvidia-lts, and I think supporting "nvidia-hardened" wouldn't be challenging.
Offline
linux-zen is also an official kernel that does not ship an nvidia package either; I doubt this will be done. You do use a custom out-of-tree kernel module, the nvidia kernel module. What "possibly increase the attack surface" are you afraid of exactly? To instill a relevant dkms build instruction for out-of-tree kernel modules you need root access, at which point you are owned anyway.
In any case, chances that the relevant packager sees this here are slim; you might try a low-prio feature request on the bug tracker. Alternatively, if you feel strongly about this, just do the relevant rebuilds yourself: https://wiki.archlinux.org/title/Arch_Build_System
Last edited by V1del (2021-11-05 12:19:57)
Any malicious package could just include a pre-compiled dkms module for your kernel version anyway, without needing dkms installed on the system. The nvidia packages do this.
And yeah, you'd need root in the first place too.
Last edited by Ammako (2021-11-05 21:36:30)