APPLIED[U]: [mantic:linux-signed][PATCH 0/5] Implement kernel.efi in linux-generate

Andrea Righi andrea.righi at canonical.com
Mon Jul 17 06:27:17 UTC 2023


On Fri, Jul 14, 2023 at 10:30:48PM +0100, Dimitri John Ledkov wrote:
> This patchset adds automatic generation of kernel.efi as suitable for
> creating kernel snaps. This will eliminate the need to have a derivative
> kernel jammy:linux-uc22 (linux-uc22/linux-signed-uc22 source packages)
> for every EFI kernel that desires to have a kernel snap. This is also
> implemented in such a way that one can choose to only sign a
> kernel.efi if classic boot is not needed at all. Also straight away
> support is added to support FIPS kernel snaps with HMAC files.
> 
> Currently targeting this for mantic as we have pressing needs to have
> Mantic based kernel snaps already. But I also want to soon roll this
> out to jammy signed packages that have snaps attached to them, as this
> will significantly reduce workload there.
> 
> I am sending these patches for review, but likely will apply them in
> mantic and do a signed respin straight away to demonstrate how it all
> works.
> 
> After this lands, will send out further patches for meta &
> kernel-series.yaml to migrate to this signing on per-kernel basis.

Applied to mantic/linux-unstable (with a little adjustment to PATCH 3/5
("UBUNTU: Install snapd-info file if available"), because of
linux-generate vs linux-generate-unstable).

Thanks,
-Andrea


