StarlingX

  1. Bug #1988361
  2. Comment #2

Comment 2 for bug 1988361

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kernel (master)

Reviewed: https://review.opendev.org/c/starlingx/kernel/+/854935
Committed: https://opendev.org/starlingx/kernel/commit/4aa9658077ce81a16ebf53ea95539ac138df47ed
Submitter: "Zuul (22348)"
Branch: master

commit 4aa9658077ce81a16ebf53ea95539ac138df47ed
Author: Jiping Ma <email address hidden>
Date: Fri Aug 26 07:57:29 2022 -0400

    CentOS: Place module signing keys in a separate package

    Currently we package our module signing keys as part of
    the 'kernel-devel' package. This means that anyone obtaining
    our 'kernel-devel' package, which we do publish, can produce
    signed modules. This violates the intent of secure boot.

    Re-package our module signing keys into a separate package
    known as 'kernel-devel-keys'.

    Testing:
    - An ISO image can be built out successfully.
    - Installation of the ISO image is successful with standard and
      low-latency profiles.
    - Make sure there are not the keys in the lab that installed
      with the ISO image.

    Closes-Bug: 1988361

    Signed-off-by: Jiping Ma <email address hidden>
    Change-Id: I4b5235fdb0fffa32cc7fd40c7870d0ddeec6595e