On Mon, Sep 1, 2025 at 11:12 AM Jonathan Steffan <jonathanstef...@gmail.com> wrote: > > On Mon, Sep 1, 2025 at 8:36 AM Neal Gompa <ngomp...@gmail.com> wrote: >> >> It is possible to request Fedora to sign it. You will probably need to make >> some packaging changes to support it, but it can be done. > > > Ah cool. I didn't know that we had made any progress on upgrading the signing > process and adding our own keys. I've tried following the discussions. > > I assume end-users will still have to enroll an additional key? > Are we enrolling keys automatically, on first boot or otherwise? > > Will this work with Grub or is it just for sd-boot? >
It would be signed with the standard Fedora key, so it should work from any boot manager that loads shim to activate the Fedora key. > Are the packaging changes needed documented anywhere? > No, though btrfs-efi is a decent example: https://src.fedoraproject.org/rpms/btrfs-efi -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue