On Thu, 2020-07-09 at 11:17 -0700, stan via devel wrote: > On Thu, 09 Jul 2020 18:07:39 +0300 > nickysn@xxxxxxxxx wrote: > > > Yes, that's why "secure boot" should only be an option and the user > > must have the option to turn it off. Otherwise, it wouldn't be > > possible to do any kernel development on that computer. > > For my edification. I build custom kernels, and sign them using > pesign with my own key that I generated locally, and put in the EFI > key > database. I can then boot the custom kernel in secure mode. Couldn't > I > also sign modules if I ever generated them with that same key? > > That is, isn't this only an issue if the person doing the kernel > development hasn't generated their own key, and isn't signing their > kernels locally? To be honest, I don't know. Do all UEFI secure boot implementations allow you to add your own keys to the list of trusted keys? Nikolay _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
