[systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI
Lennart Poettering
lennart at poettering.net
Tue Oct 15 16:32:40 UTC 2024
On Di, 15.10.24 15:13, Srinivas Naik (nivasnaik at gmail.com) wrote:
> Hi All,
> I have a question on this, when secure boot is enabled, addons file also
> must be signed?
Yes. That's the point of that.
> On devices which use OSTree for OTA, there is a need to update the command
> line parameter at run time with the latest SHA deployment.
You can use systemd credentials for that, but would have to tell
ostree to look in one for that. systemd credentials can be locked
against the local TPM, and hence be authenticated that way.
Lennart
--
Lennart Poettering, Berlin
More information about the systemd-devel
mailing list