[systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?
Lennart Poettering
lennart at poettering.net
Thu May 25 08:29:58 UTC 2023
On Do, 25.05.23 10:08, Andrea Pappacoda (andrea at pappacoda.it) wrote:
> Il giorno mer 24 mag 2023 alle 14:35:05 +02:00:00, Lennart Poettering
> <lennart at poettering.net> ha scritto:
> > Note that in systemd git main there's already support for generating
> > UKIs dynamically when a kernel RPM/DEB is installed (as long as the
> > "kernel-install" infra is in use). It can be signed with a local key,
> > that can be enrolled with MOK.
>
> This sounds really interesting! Could you please point to some documentation
> about this feature? I'd like to try it out on my Debian system, if possible.
This has not been released yet in a stable release. It has been merged
into git main though.
See this for the original PR:
https://github.com/systemd/systemd/pull/27262
Lennart
--
Lennart Poettering, Berlin
More information about the systemd-devel
mailing list