The kernel modules usually are signed with a different key. That key is created at build time and its private key is discarded after the build (and after the modules have been signed) and the kernel uses the public key to validate the modules IIRC. That is how Archlinux enables can somewhat support Secure Boot without the user needing to sign every kernel module or firmware file (it is also the reason why all the kernel packages aren't reproducible).
NekkoDroid
joined 1 year ago
And technically you can whitelist other certificates, too, but I have no idea how you might do that.
When you enter the UEFI somewhere there will be a Secure Boot section, there there is usually a way to either disable Secure Boot or to change it into "Setup Mode". This "Setup Mode" allows enrolling new keys, I don't know of any programs on Windows that can do it, but sbctl can do it and the systemd-boot bootloader both can enroll your own custom keys.
I did hear that one of their newer versions does use eBPF, but I haven't even remotely looked into it.
I don't think any of the major distros do it currently (some are working twards it tho), but there are ways (primarily/only one I know is with systemd-boot). It invokes one of the boot binaries (usually "Unified Kernel Images") that are marked as "good" or one that still has "tries left" (whichever is newer). A binary that has "tries left" gets that count decremented when the boot is unsuccessful and when it reaches 0 it is marked as "bad" and if it boot successfully it gets marked as "good".
So this system is basically just requires restarting the system on an unsuccessful boot if it isn't done already automatically.
I also didn't expect Lucy, I expected some other FGC character but I am not too too surprised considering they have RWBY in BBTAG
Accent colors are coming with GNOME 47.
I dunno, I don't have a camera feed into your life. But considering that is the first thing you respond to a clarification it most certainly wouldn't surprise me if you did.
I dont think home directory files should handled by something named tmpfiles.
The only reason its still called tmpfiles is because of backwards compatibility
This is a proposal by people funded by companies that would provide the services for this (https://balkaninsight.com/2023/09/25/who-benefits-inside-the-eus-fight-over-scanning-for-child-sex-content ).
A lot of actual politicians oppose this https://tbbacherle.eu/2024/06/18/open-letter/
The BSOD really isn't something to be mad at, it actually in theory is good but there is only so much you can do when a kernel panics. What you should be mad at is shitty drivers causing BSODs
which definitely seems out of scope.
Doesn't seem out of scope for a system and service management suite. Like, the timeperiod where systemd was "just an init" was relativly brief (like half a year).
view more: next ›
It really wouldn't change anything in the long run. Any company that creates a browser is gonna need some form of income and people aren't willing to pay for a browser. What would be their incentive to continue to work on the browser when they aren't being paid?