dm-verity and secureboot #13
Conversation
ulrichard
force-pushed
the
feature/verity
branch
from
f8501c5 to
3dbe8f2
Compare
|
@gnapoli23 |
|
Is it worth removing our PGP key (and so the secureboot certificates) in favour of some random generated ones? Or even better, generate them each time a new iso is created (just as a reference on how it works). As is, we are the only ones who can build this repo. |
|
d947c046f9764709fb6eea4cd3456d482b4e641f684d78ab67ef2cbedc16968f output/livedeb.iso Everybody can build the version without secureboot. And everybody could fork with their own keys. I think our verts can serve as a good reference. I don' know what new keys for each build would improve. With our certs we can use the ISOs directly, and everybody who trusts us enough. |
|
Yes and no. Building the version without secureboot it's like saying this PR does not make sense, or at least that you (as random user) are able to use it with seureboot only if you know how to generate those certificates, which can be ok but not for everybody. I honestly think that adding also the possibility to generate the keys and certificates with some optional command would really be helpful, so that the random user can then copy and import the related secureboot keys with ease. I will take care of it., sooner or later. BTW, not matching |
No description provided.