Re: [systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?

2023-05-24 Thread Felix Rubio
Hi Lennart, "Sorry, but GPG is a no-go. Not in 2023." Yes, I understand that. What I am trying to get is a simple way to verify that the initramfs has not been tampered with. UKI comes with its own challenges, using encryption tied to a measured boot looks overkill, and I fully agree in which

Re: [systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?

2023-05-24 Thread Lennart Poettering
On Mi, 24.05.23 16:20, Felix Rubio (fe...@kngnt.org) wrote: > Hi Andrei, Lennart > > @Andrei: Do you think, then, that the same private key used for SecureBoot > could be used for GPG signing the initramfs? That would be cool, as the > whole boot signing infrastructure would still depend on a sing

Re: [systemd-devel] Monotonic time went backwards, rotating log

2023-05-24 Thread Lennart Poettering
On Di, 23.05.23 11:04, Phillip Susi (ph...@thesusis.net) wrote: > Every time I reboot, when I first log in, journald ( 253.3-r1 ) > complains that the monotonic time went backwards, rotating log file. > This appears to happen because journal_file_append_entry_internal() > wishes to enforce strict

Re: [systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?

2023-05-24 Thread Felix Rubio
Hi Andrei, Lennart @Andrei: Do you think, then, that the same private key used for SecureBoot could be used for GPG signing the initramfs? That would be cool, as the whole boot signing infrastructure would still depend on a single entity. @Lennart: I was thinking of using a private key for w

Re: [systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?

2023-05-24 Thread Lennart Poettering
On Mi, 24.05.23 12:22, Felix Rubio (fe...@kngnt.org) wrote: > I agree that having a measured boot, that decrypts the system is a better > solution... but this is, correct me if wrong, still very green: There are > some approaches supported, but none of them seems to be structural: they > rely on t

Re: [systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?

2023-05-24 Thread Lennart Poettering
On Di, 23.05.23 20:54, Felix Rubio (fe...@kngnt.org) wrote: > Hi everybody, > > I am trying to understand something, and after looking around I have not > found any explicit answer. Maybe somebody in this list can shed some light > on the matter? I have a laptop in which I am setting up the boot p

Re: [systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?

2023-05-24 Thread Andrei Borzenkov
On Wed, May 24, 2023 at 1:22 PM Felix Rubio wrote: > > Hi Andrei, > > Thank you for correcting my statement about Grub2, I did not know that. > > I agree that having a measured boot, that decrypts the system is a > better solution... but this is, correct me if wrong, still very green: > There are

Re: [systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?

2023-05-24 Thread Felix Rubio
Hi Andrei, Thank you for correcting my statement about Grub2, I did not know that. I agree that having a measured boot, that decrypts the system is a better solution... but this is, correct me if wrong, still very green: There are some approaches supported, but none of them seems to be struct

Re: [systemd-devel] How to authenticate login using org.freedesktop.login1

2023-05-24 Thread Mantas Mikulėnas
On Wed, May 24, 2023 at 9:42 AM Lal, Arun wrote: > Hi All, > > > > I was trying to authenticate a user from a daemon running in my machine. > And I found systemd-login can be used. > > I went through documentation for interface org.freedesktop.login1, but I > am not clear on how it can be used. >