Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Undefined
Fix Version/s: rhel-10.1
Affects Version/s: None
Component/s: None
Labels:
- bootc

Epic Name:
Image Mode Integrity Sealing Build
Severity:
None

AssignedTeam:
None

Story Points:
32
Status Summary:

Hide

Jun 3 2025: Currently marking as red due to low progress on https://github.com/bootc-dev/bootc/pull/1314

Show
Jun 3 2025: Currently marking as red due to low progress on https://github.com/bootc-dev/bootc/pull/1314
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

This epic will track work needed on the build side. We want to productize this:

https://github.com/containers/composefs-rs/blob/main/examples/unified-secureboot/build

Notes:

Must use functionality in bootc (or higher level tools) and not require copying in a binary built on the host
Obviously needs clear docs on production key usage
Handle different bootloaders (MVP can be systemd-boot though)
https://github.com/containers/composefs-rs/blob/main/examples/unified-secureboot/build must also align with https://docs.fedoraproject.org/en-US/bootc/building-from-scratch/
Same with the Containerfile, ideally hide stuff like https://github.com/containers/composefs-rs/blob/126751dee8a71aa54c9666e69645d2fd1eccb176/examples/unified-secureboot/Containerfile#L44

Assignee:: Colin Walters

Reporter:: Colin Walters

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/08/01 6:23 PM

Updated:: 2025/10/21 9:09 PM