use one cert for all; modules, kernel, kexec
Markus Reichelt
ml at mareichelt.com
Fri Oct 27 02:33:15 PDT 2023
Hi,
I already use signed modules and do wonder if the same cert can be used
to sign the kernel, and verified by kexec when loading such a kernel.
Failing to verify a signed kernel, kexec shall not load it.
Is that doable with current kexec-tools?
If not, is there a real chance this could be added?
My trust scenario is simple, use one cert for all.
Thanks,
Markus
More information about the kexec
mailing list