Hi Antonio,

Antonio Carlos Padoan Junior <[email protected]> writes:

> Can we imagine signing the kernel outside the guix layer, I mean,
> directly into the store without using guix commands? I understand this
> would break conceptually the Guix functional characterization, and it is
> not very "clean". But despite these points, any other side effects expected?

This subject has been discussed a bit in the past. My opinion on what you're suggesting is that:

* We should not modify the store in place. This is bound to create problems for the user, because we'd be breaking the Guix guarantees.

* You could sign it out of the store. Basically, something like `sign /gnu/store/xxxxxx-bzImage > /boot/bzImage_signed`. However, this poses problems with generations, since either we prohibit loading older generations, which is a huge step backwards, or we sign all of the older generations as well, which will take a non-negligible amount of space. In that case, we'd also need to keep track of the different signed kernels that are sitting in /boot to be able to clean them up when the generations are deleted.

It's not an easy problem unfortunately, and the number of people whose threat model requires such a thing is slim, hence the lack of work in that direction.

Best,
-- 
Josselin Poiret
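To make the bookkeeping problem in the second point concrete, here is an added sketch (not from the thread or from Guix) of a script that keeps exactly one signed copy of each generation's kernel outside the store and deletes signed copies whose generation no longer exists. It assumes the `/var/guix/profiles/system-<N>-link` layout and the `kernel/bzImage` path inside a generation; the signer is assumed to be any command that reads the image path and writes the signed image to stdout, like the hypothetical `sign` above, and the `/boot/signed/` directory is an assumption too.

```shell
#!/bin/sh
# Added example, not Guix code. Usage:
#   sync_signed_kernels /var/guix/profiles /boot sign
# Assumed layout: $1/system-<N>-link -> generation dir, whose kernel/bzImage
# resolves into the store. Signed copies go to $2/signed/<store-dir-name>.signed
# so that generations sharing a kernel share one signed file. $3 is the signer,
# assumed to take an input path and emit the signed image on stdout.
sync_signed_kernels() {
    profiles="$1"; boot="$2"; signer="$3"
    wanted="|"                      # '|'-delimited set of files still needed
    mkdir -p "$boot/signed"
    for link in "$profiles"/system-*-link; do
        [ -e "$link" ] || continue            # glob matched nothing
        image=$(readlink -f "$link/kernel/bzImage") || continue
        [ -f "$image" ] || continue
        # Store directory name carries the hash, so it identifies the kernel.
        name="$(basename "$(dirname "$image")").signed"
        out="$boot/signed/$name"
        if [ ! -f "$out" ]; then
            # Write to a temp file first so a failed signer leaves no half file.
            "$signer" "$image" > "$out.tmp" && mv "$out.tmp" "$out"
        fi
        wanted="$wanted$name|"
    done
    # Garbage-collect signed kernels whose generation has been deleted.
    for f in "$boot"/signed/*.signed; do
        [ -e "$f" ] || continue
        case "$wanted" in
            *"|$(basename "$f")|"*) ;;
            *) rm -f "$f" ;;
        esac
    done
}
```

Running it after every `guix system reconfigure` and every `guix system delete-generations` keeps `/boot/signed/` in step with the existing generations; the bootloader entries would still have to point at the signed copies, which the script does not handle.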
