[systemd-devel] How to factory reset?

David Herrmann dh.herrmann at gmail.com
Thu Mar 12 06:44:28 PDT 2015


On Thu, Mar 12, 2015 at 2:41 PM, Andrei Borzenkov <arvidjaar at gmail.com> wrote:
> The initrd and cmdline are volatile and generated on the end-user system.
> So your container must be signed on the end-user system. The end user
> obviously does not have Microsoft or vendor private keys to sign your
> container, so the end user must manage their own keys. Apparently, it is
> not quite as simple, otherwise we would not need to invent shim in the
> first place.

The signed EFI binary is distributed by your
distribution/vendor/key-owner. The machine-owner is responsible for
putting the key of your vendor into the firmware.

