mirror/kde-linux
1
0
Fork 0
mirror of https://github.com/KDE/kde-linux.git synced 2026-05-24 08:16:12 -04:00
Code Issues Packages Projects Releases Wiki Activity

Stop including out-of-tree kernel modules

Browse Source 
This presents some practical problems:
- We'll almost certainly fail shim review and therefore won't be able to
  have secure boot
- Pre-installing these modules taints our kernel, which will be
  problematic for engagement with upstream
- These modules can be fragile (see for example
  https://invent.kde.org/kde-linux/kde-linux/-/work_items/618)
- Including these modules broadens the attack surface, worsening
  security.

As nice as it is to have an "everything and the kitchen sink" approach
to hardware support via these out-of-tree kernel modules, I think the
drawbacks to the project as a whole and all of its users outweigh the
benefits to the specific people who benefit here.

Fixes #618
This commit is contained in:
Nate Graham
2026-05-19 10:40:36 -06:00
parent 299b007b2c
commit 9320115be4
2 changed files with 0 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
mkosi.conf.d/00-packages-core.conf
View File

@@ -59,10 +59,8 @@ Packages=
ccid # Generic USB CCID/ICCD card readers
fprintd # Fingerprint authentication
iio-sensor-proxy # Auto-rotation
linux-apfs-rw-dkms # Experimental APFS kernel module with Write support
linux-firmware-marvell # Firmware files for marvell products
lvm2 # Logical Volume Manager 2 support
openrazer-daemon # Drivers etc. for Razer hardware
pam-u2f # 2nd factor PAM support for Yubikey hardware authenticators
powertop # Energy monitoring; also used in our energy tuning scripts
sane # scanner udev rules - everything else in the package is deleted later
@@ -75,7 +73,6 @@ Packages=
udisks2-btrfs # support for Btrfs in udisks
usb_modeswitch # WiFi dongles that have a flash storage mode preventing use OOTB
usbmuxd # Apple iOS devices via USB
v4l2loopback-utils # v4l2loopback dkms and tools for virtual Camera functionality in certain applications
wireless-regdb # Gets us the wireless-regdom file that we can modify as needed
yubikey-full-disk-encryption # Support for unlocking a FDE LUKS partition with Yubikey hardware authenticators
@@ -102,7 +99,6 @@ Packages=
flatpak # Flatpak apps
fuse2 # Some AppImage apps
fuse3 # The rest of the AppImage apps (also loads of other things as a required dependency)
vhba-module # Kernel module needed for cdemu-client
# Virtualization/VM integration
dnsmasq # Hotspot creation and networking in VMs

1
mkosi.conf.d/80-packages-cli.conf
View File

@@ -38,7 +38,6 @@ Packages=
bash-completion # Completions for Bash
bat # Opinionated fancy cat
bluez-utils # useful Bluetooth CLI tools
cdemu-client # Virtual optical drive support for CDEmu disc image mounting
cpupower # For more granular tuning of CPU limits; needs to touch the kernel
drm-info # for debugging KWin and other graphics issues
duf # Opinionated fancy df