I've tested a kernel with CONFIG_EFI_STUB added (thanks cking!).
This does boot with secureboot enabled, though the LXD agent fails to start due to lack of vsock.
So in addition to CONFIG_EFI_STUB, it looks like we also need: - CONFIG_VSOCKETS - CONFIG_VIRTIO_VSOCKETS - CONFIG_VIRTIO_VSOCKETS_COMMON
Which should give us the bits needed for virtio vsock.
The rest all looked good, so we should be fine with those tweaks and the kernel getting signed.
I've tested a kernel with CONFIG_EFI_STUB added (thanks cking!).
This does boot with secureboot enabled, though the LXD agent fails to start due to lack of vsock.
So in addition to CONFIG_EFI_STUB, it looks like we also need: VIRTIO_ VSOCKETS VIRTIO_ VSOCKETS_ COMMON
- CONFIG_VSOCKETS
- CONFIG_
- CONFIG_
Which should give us the bits needed for virtio vsock.
The rest all looked good, so we should be fine with those tweaks and the kernel getting signed.