One open technical question from the Canonical side: can you confirm that the POWER firmware implementation will support embedded certificate chains as part of the vmlinux signature data? Our existing SecureBoot signing regime uses an on-line signing key which is chained to a our CA certificate, and it is the latter that we would normally provide for db.
It appears that the kmodsign tools support embedded certificates in the signature data, but we would like to confirm that the firmware implementation is also compatible with this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1696154 Title: [17.10 FEAT] Sign POWER host/NV kernels To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1696154/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
