From: Eric Chanudet on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3715#note_2378983293
In fact, this MR disables kernel signing when assembling the RPM, for the automotive use-case only, and defers it after injecting the module signing certificate(s) when the image is composed. Decoupling building+packaging and signing. Verification or measurement of the kernel image, and/or the entire boot image (e.g, aboot), is intended to happen at image composition and depends on supported boot chain implementations. -- _______________________________________________ kernel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
