4761e4f3fa
Secure Boot's hasn't been tested since July 2018 The principle players in the Secure Boot chain of trust are Shim, Grub, and the Linux kernel. All three components have seen multiple upgrades since the last test. A new build option has been added to shim, (ENABLE_SHIM_CERT) that enables/disables the support for an embedded shim key. It defaults to disabled. It also controls the generation of a random shim key, and the build time signing of fallback and MokManager components. Since we don't want a random shim key (reproducable builds), and we do signing as a post build step, leaving it disabled seemed like the correct setting initially... until it's function to disable shim keys entirely was discovered. This update reworks the shim patch so that we can embed a prebuilt shim key, and still have shim key functionality active. Closes-Bug: 1864245 Change-Id: Ibcb6bcfe3060ce0b3e2c2f3c23908bb7127b0ccd Signed-off-by: Scott Little <scott.little@windriver.com> |
||
|---|---|---|
| .. | ||
| centos | ||
| files | ||