On Thu, 09 Jul 2020 18:07:39 +0300
nick...@gmail.com wrote:

> Yes, that's why "secure boot" should only be an option and the user
> must have the option to turn it off. Otherwise, it wouldn't be
> possible to do any kernel development on that computer.

For my edification.  I build custom kernels, and sign them using
pesign with my own key that I generated locally, and put in the EFI key
database. I can then boot the custom kernel in secure mode.  Couldn't I
also sign modules if I ever generated them with that same key?

That is, isn't this only an issue if the person doing the kernel
development hasn't generated their own key, and isn't signing their
kernels locally?
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 

Reply via email to