Secure Boot, signed kernel modules (for shitvidia), and the Shim - Why does the kernel need to support SB after the handover? Can a graphics coprocessor just run as a hotpluged module unsigned?
Asking about why the kernel needs to support secure boot on an individual system where I am not concerned about the hole punched by the nvidia kernel module. I’m concerned about the proprietary boot loader firmware that will never be maintained well. I’m not asking if it is a good idea in general or for most people....
