[mantic:linux-signed][PATCH 0/5] Implement kernel.efi in linux-generate

Andrea Righi andrea.righi at canonical.com
Thu Jul 20 05:55:37 UTC 2023

On Fri, Jul 14, 2023 at 10:30:48PM +0100, Dimitri John Ledkov wrote:
> This patchset add automatic generation of kernel.efi as suitable for
> creating kernel snaps. This will eliminate need to have a derivative
> kernel jammy:linux-uc22 (linux-uc22/linux-signed-uc22 source packages)
> for every EFI kernel that desires to have a kernel snap. This is also
> implemented in such a way that one can choose to only sign a
> kernel.efi if classic boot is not needed at all. Also straight away
> support is added to support FIPS kernel snaps with HMAC files.
> Currently targetting this for mantic as we have pressing needs to have
> Mantic based kernel snaps already. But I also want to soon roll this
> out to jammy signed packages that have snaps attached to them, as this
> will significantly reduce workload there.
> I am sending these patches for review, but likely will apply them in
> mantic and do a signed respin straight away to demonstrate how it all
> works.
> After this lands, will send out further patches for meta &
> kernel-series.yaml to migrate to to this signing on per-kernel basis.

This seems to break the build of linux-generate on ppc64el and s390x.

Are we missing other patches in linux-unstable?


More information about the kernel-team mailing list