On Mon, 2022-02-07 at 22:22 +0900, Masahiro Yamada wrote:
> On Sat, Feb 5, 2022 at 7:30 AM Matthew Wilcox wrote:
> >
> > On Wed, Jan 05, 2022 at 12:39:57AM +0900, Masahiro Yamada wrote:
> > > +CC the maintainers of CERTIFICATE HANDLING
> > > M: David Howells
> > > M: David Woodhouse
>
On Wed, Feb 9, 2022 at 10:21 PM James Bottomley
wrote:
>
> On Tue, 2022-02-08 at 13:10 +, Matthew Wilcox wrote:
> > On Tue, Feb 08, 2022 at 12:01:22PM +0100, Julian Andres Klode wrote:
> > > It's worth pointing out that in Ubuntu, the generated MOK key
> > > is for module signing only (extende
On Wed, Feb 9, 2022 at 1:13 AM Julian Andres Klode
wrote:
>
> On Tue, Feb 08, 2022 at 01:10:34PM +, Matthew Wilcox wrote:
> > On Tue, Feb 08, 2022 at 12:01:22PM +0100, Julian Andres Klode wrote:
> > > It's worth pointing out that in Ubuntu, the generated MOK key
> > > is for module signing onl
On Tue, 2022-02-08 at 13:10 +, Matthew Wilcox wrote:
> On Tue, Feb 08, 2022 at 12:01:22PM +0100, Julian Andres Klode wrote:
> > It's worth pointing out that in Ubuntu, the generated MOK key
> > is for module signing only (extended key usage
> > 1.3.6.1.4.1.2312.16.1.2), kernels signed with it w
On Tue, Feb 08, 2022 at 01:10:34PM +, Matthew Wilcox wrote:
> On Tue, Feb 08, 2022 at 12:01:22PM +0100, Julian Andres Klode wrote:
> > It's worth pointing out that in Ubuntu, the generated MOK key
> > is for module signing only (extended key usage 1.3.6.1.4.1.2312.16.1.2),
> > kernels signed wi
On Tue, Feb 08, 2022 at 12:01:22PM +0100, Julian Andres Klode wrote:
> It's worth pointing out that in Ubuntu, the generated MOK key
> is for module signing only (extended key usage 1.3.6.1.4.1.2312.16.1.2),
> kernels signed with it will NOT be bootable.
Why should these be separate keys? There's
On Mon, Feb 07, 2022 at 09:33:46PM +0900, Masahiro Yamada wrote:
> Added "Ben Hutchings "
>
> On Wed, Jan 5, 2022 at 3:13 AM Matthew Wilcox wrote:
> >
> > On Wed, Jan 05, 2022 at 12:39:57AM +0900, Masahiro Yamada wrote:
> > > > +vmlinux=$($MAKE -s -f $srctree/Makefile image_name)
> > > > +key=
>
On Mon, Feb 7, 2022 at 10:31 PM Matthew Wilcox wrote:
>
> On Mon, Feb 07, 2022 at 09:33:46PM +0900, Masahiro Yamada wrote:
> > Added "Ben Hutchings "
> >
> > On Wed, Jan 5, 2022 at 3:13 AM Matthew Wilcox wrote:
> > >
> > > On Wed, Jan 05, 2022 at 12:39:57AM +0900, Masahiro Yamada wrote:
> > > > >
On Monday, 7 February 2022 14:30:53 CET Matthew Wilcox wrote:
> I followed the instructions in the Debian document *that existed at
> the time* (and now apparently we can't see because Debian uses an
> inept type of wiki that can't show old versions)
Look under the 'Info' link: https://wiki.debian
On Mon, Feb 07, 2022 at 09:33:46PM +0900, Masahiro Yamada wrote:
> Added "Ben Hutchings "
>
> On Wed, Jan 5, 2022 at 3:13 AM Matthew Wilcox wrote:
> >
> > On Wed, Jan 05, 2022 at 12:39:57AM +0900, Masahiro Yamada wrote:
> > > > +vmlinux=$($MAKE -s -f $srctree/Makefile image_name)
> > > > +key=
>
On Sat, Feb 5, 2022 at 7:30 AM Matthew Wilcox wrote:
>
> On Wed, Jan 05, 2022 at 12:39:57AM +0900, Masahiro Yamada wrote:
> > +CC the maintainers of CERTIFICATE HANDLING
> > M: David Howells
> > M: David Woodhouse
> > L: keyri...@vger.kernel.org
>
> Davids, can one of you respond
Added "Ben Hutchings "
On Wed, Jan 5, 2022 at 3:13 AM Matthew Wilcox wrote:
>
> On Wed, Jan 05, 2022 at 12:39:57AM +0900, Masahiro Yamada wrote:
> > > +vmlinux=$($MAKE -s -f $srctree/Makefile image_name)
> > > +key=
> > > +if is_enabled CONFIG_EFI_STUB && is_enabled CONFIG_MODULE_SIG; then
> > >
On Wed, Jan 05, 2022 at 12:39:57AM +0900, Masahiro Yamada wrote:
> +CC the maintainers of CERTIFICATE HANDLING
> M: David Howells
> M: David Woodhouse
> L: keyri...@vger.kernel.org
Davids, can one of you respond to this?
> On Sat, Dec 18, 2021 at 12:11 PM Matthew Wilcox (Oracle)
On Wed, Jan 05, 2022 at 12:39:57AM +0900, Masahiro Yamada wrote:
> > +vmlinux=$($MAKE -s -f $srctree/Makefile image_name)
> > +key=
> > +if is_enabled CONFIG_EFI_STUB && is_enabled CONFIG_MODULE_SIG; then
> > + cert=$(grep ^CONFIG_MODULE_SIG_KEY= include/config/auto.conf | cut
> > -d\" -f2)
+CC the maintainers of CERTIFICATE HANDLING
M: David Howells
M: David Woodhouse
L: keyri...@vger.kernel.org
On Sat, Dec 18, 2021 at 12:11 PM Matthew Wilcox (Oracle)
wrote:
>
> If the config file specifies a signing key, use it to sign
> the kernel so that machines with SecureB
If the config file specifies a signing key, use it to sign
the kernel so that machines with SecureBoot enabled can boot.
See https://wiki.debian.org/SecureBoot
Signed-off-by: Matthew Wilcox (Oracle)
---
v2:
- Handle private keys stored in the pem file as well as adjacent to the
certificate
-
16 matches
Mail list logo