Hi,

I have successfully integrated 'efi-secure-boot' feature in my images and also was trying to integrate 'modsign' for kernel modules integrity. It works properly for kernel modules which are in-tree but it is not working at all for out of tree modules. All my modules which are out of tree are not signed in the final image. I though that just having modules_install target in out of tree modules' Makefiles would be enough to sign them if CONFIG_MODULE_SIG_ALL is enabled in kernel configuration (which is the defaults when integrating modsign feature) but it looks it is not. Can you please clarify if is this a supported feature for out of tree modules and a possible path to go in order to have this working properly?

Thanks in advance for your time.