Uploaded image for project: 'Community Linux Engineering'
  1. Community Linux Engineering
  2. CLE-3044

Set up CentOS Project Special Interest Group Secure Boot certificates

SetAsigneesSync from "Extern...update-metadata-from-f...XMLWordPrintable

    • 10
    • rhel-cle-pnp

        1. Description

      In order for CentOS SIGs like Hyperscale and Kmods to have access to secure boot signing for kernel software packages, signing infrastructure needs to be set up for this.

      Specifically, this requires:

      • A secure boot certificate key pair for CentOS SIGs that CBS can use
      • CBS to have builders with a secure-boot channel where the pesign socket is made available for specific packages/tags for specific users
      • A copy of the public certificate that can be embedded in shim so that it is automatically trusted by GRUB and the kernel.

              Unassigned Unassigned
              cle_bot CLE bot
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: