Re: Passing Kernel Params from systemd-boot for Secure Boot UKI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Di, 15.10.24 15:13, Srinivas Naik (nivasnaik@xxxxxxxxx) wrote:

> Hi All,
> I have a question on this, when secure boot is enabled, addons file also
> must be signed?

Yes. That's the point of that.

> On devices which use OSTree for OTA, there is a need to update the command
> line parameter at run time with the latest SHA deployment.

You can use systemd credentials for that, but would have to tell
ostree to look in one for that. systemd credentials can be locked
against the local TPM, and hence be authenticated that way.

Lennart

--
Lennart Poettering, Berlin
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux