Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add signed kernel check to prevent pushing improperly signed kernels #16

Closed
bsherman opened this issue Jul 12, 2024 · 2 comments
Closed

Add signed kernel check to prevent pushing improperly signed kernels #16

bsherman opened this issue Jul 12, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

@bsherman
Copy link
Contributor

We shold add a step after image build and before push which confirms kernel in the image was signed with the proper key.

Can use: podman run --entrypoint /bin/bash image -c "cat path to vmlinuz" > tmp/vmlinuz

And then do a sbverify --cert
@bsherman bsherman added the enhancement New feature or request label Jul 12, 2024
@m2Giles
Copy link
Member

m2Giles commented Jul 20, 2024

In downstream images this has been implemented.

But we can do something similar in this repo.

@m2Giles
Copy link
Member

m2Giles commented Jul 20, 2024

Implemented in #18

@m2Giles m2Giles closed this as completed Jul 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bsherman @m2Giles