On Thu, 2020-07-09 at 11:17 -0700, stan via devel wrote:
> On Thu, 09 Jul 2020 18:07:39 +0300
> nick...@gmail.com wrote:
> > Yes, that's why "secure boot" should only be an option and the user
> > must have the option to turn it off. Otherwise, it wouldn't be
> > possible to do any kernel development on that computer.
> For my edification.  I build custom kernels, and sign them using
> pesign with my own key that I generated locally, and put in the EFI
> key
> database. I can then boot the custom kernel in secure mode.  Couldn't
> I
> also sign modules if I ever generated them with that same key?
> That is, isn't this only an issue if the person doing the kernel
> development hasn't generated their own key, and isn't signing their
> kernels locally?

To be honest, I don't know. Do all UEFI secure boot implementations
allow you to add your own keys to the list of trusted keys?

devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 

Reply via email to