Re: [systemd-devel] sysext verity+signed with EFI FW keys

2024-06-05 Thread Nils Kattenbeck
> The kernel needs to be built with some non-default kconfigs, so if
> it's a custom build or distro check that those are all enabled, they
> are listed here:
>
> https://github.com/systemd/systemd/blob/main/README#L131

Just for posterity, here is the permalink: https://github.com/systemd/systemd/

Re: [systemd-devel] sysext verity+signed with EFI FW keys

2024-06-05 Thread Itxaka Serrano Garcia
Ooh I see. Thanks for the heads up, I'll have a look to see which upstream kernels have this enabled as we are using upstream kernels directly. In the meantime it's trivial to extract the certs ourselves so it still works as expected :) Thanks Luca! I'll write an extra thread now with some more

Re: [systemd-devel] sysext verity+signed with EFI FW keys

2024-06-05 Thread Luca Boccassi
On Wed, 5 Jun 2024 at 15:15, Itxaka Serrano Garcia wrote:
>
> Hey all,
>
> testing a bit the systemd-sysext with verity+signature, running a sample like
> this:
>
> systemd-repart -S -s extension/ /run/extensions/k3sv1.30.0+k3s1.sysext.raw
> --private-key=db.key --certificate=db.pem
>
> This gen

[systemd-devel] sysext verity+signed with EFI FW keys

2024-06-05 Thread Itxaka Serrano Garcia
Hey all,

testing a bit the systemd-sysext with verity+signature, running a sample like this:

systemd-repart -S -s extension/ /run/extensions/k3sv1.30.0+k3s1.sysext.raw --private-key=db.key --certificate=db.pem

This generates a nice sysextension with verity and signed! (Nice work there BTW, its d