Stop including out-of-tree kernel modules

This presents some practical problems:
- We'll almost certainly fail shim review and therefore won't be able to
  have secure boot
- Pre-installing these modules taints our kernel, which will be
  problematic for engagement with upstream
- These modules can be fragile (see for example
  https://invent.kde.org/kde-linux/kde-linux/-/work_items/618)
- Including these modules broadens the attack surface, worsening
  security.

As nice as it is to have an "everything and the kitchen sink" approach
to hardware support via these out-of-tree kernel modules, I think the
drawbacks to the project as a whole and all of its users outweigh the
benefits to the specific people who benefit here.

Fixes #618
Nate Graham
2026-05-19 10:40:36 -06:00
committed by Hadi Chokr
parent 9ed5fb0209
commit da3daef753


@@ -59,7 +59,6 @@ Packages=
ccid # Generic USB CCID/ICCD card readers
fprintd # Fingerprint authentication
iio-sensor-proxy # Auto-rotation
linux-apfs-rw-dkms # Experimental APFS kernel module with Write support
linux-firmware-marvell # Firmware files for marvell products
lvm2 # Logical Volume Manager 2 support
pam-u2f # 2nd factor PAM support for Yubikey hardware authenticators
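Review bot: The scope of this hunk does not match the commit message. The header (-59,7 +59,6) removes exactly one line from this Packages= block, and the only DKMS entry in the visible context is `linux-apfs-rw-dkms`, yet the message talks about out-of-tree modules in the plural. Please confirm that no other `*-dkms` entries remain in the other package lists, or reword the subject to name the one package being dropped. Two follow-ups are worth folding into this change: check whether anything still pulls in the DKMS tooling and kernel headers that existed only to build this module, since leaving them in the image keeps part of the build-time attack surface the message argues against, and add a short note in the user-facing docs that APFS write support is no longer preinstalled, so that users who relied on it know what happened. A CI assertion that the built image contains no DKMS-built modules would keep the secure boot and taint goals from regressing silently.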