Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
No problem! The sbctl package ships with a pretty extensive hook out of the box (https://github.com/Foxboron/sbctl/blob/master/contrib/pacman/ZZ-sbctl.hook). It's been very reliable for automatically resigning .efi executables after updates for me.
EDIT: Actually, I tested this just now by setting module.sig_enforce=1 in the kernel cmdline and it doesn't work. It turns out Fedora/Ubuntu/etc ship this custom patch in the kernel that explicitly allows using platform (secure boot) keys for verifying kernel modules: https://gitlab.com/cki-project/kernel-ark/-/commit/07db43366d560153fd1d418cfebe2370fb20697e. The patch is not in the upstream kernel yet, so Arch doesn't have it.