Created attachment 1554054[details]
Linux kernel module for testing
1. Please describe the problem:
The kernel allows unsigned modules to be loaded with kernel lockdown enabled (this happens regardless of whether lockdown is triggered by EFI secure boot or by "lockdown=1" on the kernel command line).
2. What is the Version-Release number of the kernel:
5.0.6-200.fc29.x86_64
3. Did it work previously in Fedora? If so, what kernel version did the issue
*first* appear? Old kernels are available for download at
https://koji.fedoraproject.org/koji/packageinfo?packageID=8 :
The kernel blocks the loading of unsigned kernel modules (as expected) in 4.20.16-200.fc29.x86_64. I first observed the issue in 5.0.3-200.fc29.x86_64.
4. Can you reproduce this issue? If so, please provide the steps to reproduce
the issue below:
Download hello.c and Makefile to a temporary folder, run ``make all`` then ``insmod hello.ko``
5. Does this problem occur with the latest Rawhide kernel? To install the
Rawhide kernel, run ``sudo dnf install fedora-repos-rawhide`` followed by
``sudo dnf update --enablerepo=rawhide kernel``:
6. Are you running any modules that not shipped with directly Fedora's kernel?:
Yes.
7. Please attach the kernel logs. You can get the complete kernel log
for a boot with ``journalctl --no-hostname -k > dmesg.txt``. If the
issue occurred on a previous boot, use the journalctl ``-b`` flag.
Could not test with rawhide kernel because the module could not be built (I couldn't install kernel-devel, so make failed in the absence of necessary files)