commit 4aa9658077ce81a16ebf53ea95539ac138df47ed
Author: Jiping Ma <email address hidden>
Date: Fri Aug 26 07:57:29 2022 -0400

CentOS: Place module signing keys in a separate package

Currently we package our module signing keys as part of
the 'kernel-devel' package. This means that anyone obtaining
our 'kernel-devel' package, which we do publish, can produce
signed modules. This violates the intent of secure boot.

Re-package our module signing keys into a separate package
known as 'kernel-devel-keys'.

Testing:
- An ISO image can be built out successfully.
- Installation of the ISO image is successful with standard and
  low-latency profiles.
- Make sure the keys are not present in the lab that was installed
  with the ISO image.

Closes-Bug: 1988361
Signed-off-by: Jiping Ma <email address hidden>
Change-Id: I4b5235fdb0fffa32cc7fd40c7870d0ddeec6595e

Reviewed: https://review.opendev.org/c/starlingx/kernel/+/854935
Committed: https://opendev.org/starlingx/kernel/commit/4aa9658077ce81a16ebf53ea95539ac138df47ed
Submitter: "Zuul (22348)"
Branch: master