#How can I install a custom kernel module on Secureblue?

Hi there, I'm trying to setup Looking Glass on Secureblue. The docs recommend that you install a kernel module with dkms, which sadly isn't available on Fedora Atomic.

How can I install the module without dkms? Happy for any advice.

ublue already has a kvmfr kmod

so you can use theirs via bluebuild using their kmods module

https://github.com/ublue-os/akmods?tab=readme-ov-file#kmod-packages

https://blue-build.org/reference/modules/akmods/

https://tenor.com/view/pikachu-cute-gif-25301642

Damn!

Nice, thank you for the hint. I'll give it a try and report!

you may have secure boot issues given that their kmods are signed with a different key

but if you enroll their key which you should already have enrolled, it might just work

¯_(ツ)_/¯

Uhh ... did I? 😄

secureblue used to use it

because we used to use their nvidia kmod

until today

Well, I have to admit, I've managed to brick my desktop PC today, so I have to re-install Secureblue. Will that secureboot-key-issue pose a problem then?

you won't be able to load the ublue kmod you install until you enroll their key, yes

easy fix though

just enroll it 🙂

Sorry I'm not very knowledgeable about this. Before Secureblue I've never used secureboot. I assume enrolling multiple keys is possible then? Doesn't that pose a security risk?

yes you can enroll multiple keys

and you're already trusting them to install a module running in ring 0 in the kernel

so no it's not really any risk on top of that

you're just telling the bios that you trust them

which if you're running their module in your kernel

you already are

... true.

Hey, on the topic of bricking my system, is there a way of keeping more ... snapshots? Images? Choices to boot from in GRUP, I mean. In case I do a thing again.

yes

https://docs.fedoraproject.org/en-US/fedora-silverblue/faq/#_how_can_i_upgrade_my_system_to_the_next_major_version_for_instance_rawhide_or_an_upcoming_fedora_release_branch_while_keeping_my_current_deployment

That's nice to know as well, but if I'd like to have more choices, e.g. not choosing between the current or the last deployment, but choosing the one before the last. Is it possible to extend the list of deployments to, say, five entries?

not to my knowledge

Ahh, what a pity. Then I'll just need to remind myself to pin a deployment before doing something stupid very smart the next time.

@atomic holly You are looking for: https://docs.fedoraproject.org/en-US/fedora-silverblue/updates-upgrades-rollbacks/#rolling-back

no they want multiple degrees of staging

I've looked into this and I must admit that I don't quite understand how I can install those? 😄

The second link mentions a configuration file (?) while the Github ressource talks about a container? 🤔

read the bluebuild link i sent

you will need a custom image

i'm also trying to install this custom module for my laptop before installing atomic fedora and rebase to secureblue
https://github.com/ferstar/ideapad-laptop-tb

what i tried so far:

• create my own bluebuild autobuild with github action with help from bluebuild workshop
• set base to

base-image: ghcr.io/secureblue/silverblue-main-hardened
image-version: latest

• and uh... my brain got so hot from reading and processing docs around lol

i'm seeking for advice (like am I going right or most effective way), any other help is greatly appreciated

thanks

going out for dinner, will be back soon

Fork secureblue, add your desired kernel modules, enable GitHub actions (ideally just the specific image you need), rebase to that, make sure you regularly pull commits from the main secureblue repo and that your fork is generating new images. You'll also need to generate your own secrets. Basically just follow our GitHub actions contributer instructions

it's not that simple since this isn't packaged for secureblue atm

also this guy is banned now 🙂

What did he do lol

lul what, why?

@atomic holly @cinder geyser casual homophobia followed by trying to argue about the ban in another server...

Dude was casual?! He had it coming, then! 😄
Joking. Good thing you keep the server civil.

he was tryna be subtle with it

also then he logged in on an alt

just kept giving me more reasons to ban him

😆

Lol now I'm curious about the actual messages. Subtlety yet casually homophobic? 😄

Also: why. I mean politics are strictly banned on this server, right? What is there about Secureblue that could spark such comments?