On Saturday, October 15, 2022 12:07:40 AM CDT Sharpened Blade via users wrote: > I am building a kernel from the fedora `kernel.spec` file and SRPM. It works > as good as the official kernel, but nothing in it is signed. I know that I > can sign the kernel RPM package, but what about the kernel itself (for > secure boot). The Fedora kernel is signed on a separate system, but I can > not find any docs for it. I know that I cant use Fedora's keys, but what > about signing it with my keys, then adding those keys to the shim. > I am trying to make it so that a user starting on a fresh install can use > the kernel by adding the public keys to the shim, then installing the > kernel RPM. I also want the modules to be signed with my key (I don't care > if it is the same key that used for the rest of the kernel). I do not mean > signing the RPM packages, but the binaries that are installed from the RPM > package. I also do not want to have to signed the installed binaries with a > per install key locally. > tl;dr: I want to make kernel RPM package that is exactly the same as the > Fedora package, but I compile it, and it uses my signing keys. I also want > to be able to distribute this in the same way as the Fedora package, but > with the user adding the key to the shim. Take a look at: * https://jwboyer.livejournal.com/46149.html * https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/mod-sign.sh _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
