At some point we're hopefully going to support Secure Boot on amd64.
That means there will be a signed kernel image (separate from the
current linux-image packages) and a signed GRUB image.  The kernel
modules in the linux-image packages will also be signed, probably with
an ephemeral key.

All these signatures will all be embedded within binaries and will of
course not be reproducible.  The locations of differences will however
be predictable.

How should we deal with this limited variability?  Could source
packages or buildinfo describe the expected variations somehow?


Ben Hutchings
Unix is many things to many people,
but it's never been everything to anybody.

Attachment: signature.asc
Description: This is a digitally signed message part

Reproducible-builds mailing list

Reply via email to