On Thu, Jan 05, 2023 at 12:56:31AM -0800, Luya Tshimbalanga wrote: > An issue with the testing method from the proposal: secure boot prevents the > resulting unsigned unified kernel to boot. It is signed, but with the test key. You can get the x509 ca cert for that using: certutil -L -d /etc/pki/pesign-rh-test -n "Red Hat Test CA" -a After enrolling the cert the kernel should boot fine. Doing that on a non-test system is a bad idea though. The qemu test images (https://www.kraxel.org/fedora-uki/) come with a edk2 vars file which has secure boot enabled and the test key enrolled. > It will be great to obtain a > scratch-build from koji for users running with enabled secured boot. scratch builds would get a test key signature only too I think. HTH, Gerd _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
