[linux-meta][K][L][PATCH 0/2] Check if EFI signatures are revoked at build time
Dimitri John Ledkov
dimitri.ledkov at canonical.com
Mon Nov 21 15:03:22 UTC 2022
BugLink: https://bugs.launchpad.net/bugs/1996955
If built-in revocation certificates information is known, verify if
freshly signed EFI binaries are revoked. This prevents accidentally
publishing signed kernel packages that fail to kexec/kdump under
secureboot.
Will be active only if both https://bugs.launchpad.net/bugs/1996892
and this patches land in a given kernel.
Dimitri John Ledkov (2):
UBUNTU: [Packaging] Check if EFI signatures are revoked at build time
UBUNTU: [Packaging] Add EFI signed flavours buildinfo build-depends
debian/control.stub | 2 ++
debian/rules | 15 +++++++++++++++
2 files changed, 17 insertions(+)
--
2.34.1
More information about the kernel-team
mailing list