[PATCH v2 0/5][disco] Add support for UEFI signed kernels on arm64
dann frazier
dann.frazier at canonical.com
Fri Jan 25 17:57:20 UTC 2019
BugLink: https://bugs.launchpad.net/bugs/1804481
The following patches add support for signed UEFI kernel images on
arm64. The first three patches are for the linux package and the last
two are for linux-signed.
The patches are complicated a bit by the fact that our arm64 generic
kernels are gzip compressed. We wish to keep the kernels we install
compressed both in the linux-image and linux-image-unsigned packages,
however signing must be done on the uncompressed kernel image. Therefore
we decompress the kernel when adding it to the signing tarball and bundle
a configuration file to signal linux-signed to recompress.
Test builds are available here:
https://launchpad.net/~dannf/+archive/ubuntu/arm64-signed
v2:
- Add support for a <efi-image>.vars config in the signed tarball,
and support a GZIP=1 setting to tell linux-signed that the signed
image should be recompressed.
- Use maximum gzip compression when recompressing, to match the
unsigned image.
- Include snapdragon flavor support.
- Kill the cat.
More information about the kernel-team
mailing list