-
|
When I use official installer image: ghcr.io/siderolabs/installer:v1.4.6 and extensions image: ghcr.io/siderolabs/gasket-driver:97aeba58-v1.4.6 to install Talos, gasket-driver can be loaded successfully. talosctl dmesg |grep gasket talosctl read /proc/modules However, when I tried to use my self-build installer image and corresponding gasket-driver image to install Talos, gasket driver can't be loaded. talosctl dmesg |grep gasket talosctl read /proc/modules Is this issue related with the kernel config parameters. Or can you give some hints on it. And If I want to insert an oot driver to talos, what should I do? Can I follow the way https://github.com/siderolabs/pkgs/blob/main/gasket-driver/pkg.yaml does? Dose it work? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Talos Linux kernel is using an ephemeral (discarded during the build) key to sign kernel modules, and it only allows loading modules signed with that key. When you use official installer and extensions, they were built from the same kernel package, so the key matches. When you use your own installer (kernel), the key is different. So tl;dr is that if you build yourself, you need to make sure every kernel module is coming from the same build as the kernel itself. |
Beta Was this translation helpful? Give feedback.
Talos Linux kernel is using an ephemeral (discarded during the build) key to sign kernel modules, and it only allows loading modules signed with that key.
When you use official installer and extensions, they were built from the same kernel package, so the key matches.
When you use your own installer (kernel), the key is different.
So tl;dr is that if you build yourself, you need to make sure every kernel module is coming from the same build as the kernel itself.