Hi Steve Langasek,
Could we add an option to `update-secureboot-policy` so that it can generate a key that works for signing modules & kernels ?
As an aside, if an attacker has compromised a system and they generate a signing key ... they could modify and attempt to enrol a key that allows kernel signing ...
Hi Steve Langasek, secureboot- policy` so that it can generate a key that works for signing modules & kernels ?
Could we add an option to `update-
As an aside, if an attacker has compromised a system and they generate a signing key ... they could modify and attempt to enrol a key that allows kernel signing ...