Hey all,
you already know us, from Kairos and bothering the list with a lot of stupid questions lately :D
We been using the upstream systemd-ukify for a while now as it provides a perfect builder for uki files with measurements and signing and everything on it, but as its a python package we have been having issues providing it in our Kairos iso/uki builder as the base image that we use might not have all deps, we may want to use ukify in a broad different OS and wanted to have the latest version of the util everywhere and so on.
So checking out we found out that talos had the ukify work halfway there so we worked on it a bit, extracted it and extended it to provide any missing functionality and now have a golang ukifier (only dependency is objcopy) that provides a single binary to build ukis with measurements, sb signed, signed measurements and such.
We were wondering if this is something that would interest systemd to have it under its umbrella? We understand that the future is pcrlock and all the measurements it brings (not only PCR11) but we think that there is still a nice for offline pcr11 measurements in there and pcrlock is still unstable until 257 which means that the best use case now can only use pcr11 measurements.
Anyway, too long already, just letting you folks know that if it's something that might interest systemd we are willing to work on this with y'all.
Cheers!
