[Acked] [PATCH v2 0/5][disco] Add support for UEFI signed kernels on arm64

dann frazier dann.frazier at canonical.com
Sun Feb 3 18:04:19 UTC 2019


On Tue, Jan 29, 2019 at 6:24 AM Andy Whitcroft <apw at canonical.com> wrote:
>
> On Fri, Jan 25, 2019 at 10:57:20AM -0700, dann frazier wrote:
> > BugLink: https://bugs.launchpad.net/bugs/1804481
> >
> > The following patches add support for signed UEFI kernel images on
> > arm64. The first three patches are for the linux package and the last
> > two are for linux-signed.
> >
> > The patches are complicated a bit by the fact that our arm64 generic
> > kernels are gzip compressed. We wish to keep the kernels we install
> > compressed both in the linux-image and linux-image-unsigned packages,
> > however signing must be done on the uncompressed kernel image. Therefore
> > we decompress the kernel when adding it to the signing tarball and bundle
> > a configuration file to signal linux-signed to recompress.
> >
> > Test builds are available here:
> >   https://launchpad.net/~dannf/+archive/ubuntu/arm64-signed
> >
> > v2:
> >   - Add support for a <efi-image>.vars config in the signed tarball,
> >     and support a GZIP=1 setting to tell linux-signed that the signed
> >     image should be recompressed.
> >   - Use maximum gzip compression when recompressing, to match the
> >     unsigned image.
> >   - Include snapdragon flavor support.
> >   - Kill the cat.
>
> Assuming the linkage for the debug packages is right, this looks like a
> sane approach.

Oh, good catch - I didn't think of that. We are missing the snapdragon
debug linkage. I'll follow up w/ a patch for that.

  -dann
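
Added example, not part of this thread or of the linux/linux-signed packaging: because the cover letter says signing is done on the uncompressed image and the result is recompressed, a check of an installed arm64 kernel has to gunzip it before looking for a signature. The sketch assumes the signature is embedded in the PE certificate table (as sbsign-style UEFI signing does); all function names are hypothetical and the sample image is constructed.

```python
import gzip
import struct

GZIP_MAGIC = b"\x1f\x8b"
MACHINE_ARM64 = 0xAA64      # IMAGE_FILE_MACHINE_ARM64
SECURITY_DIR = 4            # certificate table slot in the PE data directories

def signature_info(pe):
    """Return (machine, cert_offset, cert_size) from a PE/COFF EFI image."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header: not an EFI PE image")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (machine,) = struct.unpack_from("<H", pe, pe_off + 4)
    opt = pe_off + 24                      # optional header follows COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)
    (count,) = struct.unpack_from("<I", pe, dirs - 4)
    if count <= SECURITY_DIR:
        return machine, 0, 0
    off, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    return machine, off, size

def check_kernel(blob):
    """Decompress if gzipped, then report whether a signature blob is attached."""
    gzipped = blob[:2] == GZIP_MAGIC
    pe = gzip.decompress(blob) if gzipped else blob
    machine, off, size = signature_info(pe)
    return {"gzipped": gzipped, "arm64": machine == MACHINE_ARM64,
            "signed": size > 0 and off + size <= len(pe)}

def constructed_image(signed):
    """Constructed sample: a bare PE32+ header, not a real kernel."""
    hdr = bytearray(0x40 + 24 + 112 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x44, MACHINE_ARM64)
    struct.pack_into("<H", hdr, 0x58, 0x20B)
    struct.pack_into("<I", hdr, 0x58 + 108, 16)
    if signed:
        struct.pack_into("<II", hdr, 0x58 + 112 + 8 * SECURITY_DIR, len(hdr), 16)
        hdr += b"\0" * 16                  # placeholder, not a real certificate
    return bytes(hdr)

if __name__ == "__main__":
    print(check_kernel(gzip.compress(constructed_image(True), 9)))
```

This only reports that a certificate table is present; validating the signature against a trusted certificate is a job for a tool such as sbverify, run on the decompressed image.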


