APPLIED[H/Unstable]: [SRU B/F/G V2] LP: #1898716 -- add direct support for the livepatching
Seth Forshee
seth.forshee at canonical.com
Thu Feb 18 16:44:27 UTC 2021
On Thu, Feb 18, 2021 at 04:17:46PM +0000, Andy Whitcroft wrote:
> The current user-experience for Livepatch users is poor. The livepatch
> modules we produce are signed separatly from the kernel modules.
> This means that to enable livepatching of the kernel we have to enroll
> a certificate for the livepatch service; the enrollment of this key
> necessitates a reboot to EFI to acknowledge the key.
>
> This patch set adds packaging infrastructure to support the addition
> of module signing certificates. It then adds the Canonical Livepatch
> Signing key and the Canonical Kernel Module Signing key. This both
> allows us to directly import appropriate livepatch modules, and externally
> signed drivers modules. As part of this we enable CONFIG_MODVERSIONS as
> recommended by the kernel documentation.
>
> Following this email are three patch sets each consisting of 4 patches.
> There are individual patches 1/2 for each series, patches 3 and 4 are
> common to each series.
>
> Proposing for bionic:linux, focal:linux, and groovy:linux.
The groovy patches applied cleanly to hirsute and unstable, so I've
applied them there. Thanks!
More information about the kernel-team
mailing list