Comment 8 for bug 1696154

Revision history for this message
Steve Langasek (vorlon) wrote : Re: [17.10 FEAT] Sign POWER host/NV kernels

One open technical question from the Canonical side: can you confirm that the POWER firmware implementation will support embedded certificate chains as part of the vmlinux signature data? Our existing SecureBoot signing regime uses an on-line signing key which is chained to a our CA certificate, and it is the latter that we would normally provide for db.

It appears that the kmodsign tools support embedded certificates in the signature data, but we would like to confirm that the firmware implementation is also compatible with this.