Comments (10)
Yes, but for sd-boot it matters even on an "ignore" policy where we ignore old kernels and initrds
from lanzaboote.
#76 solved our issue with newer/malformed/unsigned systemd-boot binaries. It did not solve the issue with existing unsigned kernels.
from lanzaboote.
sd-boot is not signed by lanzatool if it already existed
from lanzaboote.
same for kernels or any file actually I think
from lanzaboote.
Can't we just verify signature of existing files and sign them too, instead of just signing only non-existing files?
from lanzaboote.
> Can't we just verify signature of existing files and sign them too, instead of just signing only non-existing files?
Yes this is what is planned.
from lanzaboote.
#75 & Implementing a solution for #68 will fix this issue.
from lanzaboote.
Hit this and one more `nix-collect-garbage -d` and another rebuild solved this for me.
from lanzaboote.
Now that #75 is merged, the only issue left here is that the stub/UKI might not be signed and will not be re-signed or overwritten. This, however, could only happen if the user manually removed the signature from one of them.
from lanzaboote.