lanzaboote/rust
Alois Wohlschlager 3885f114a8
Do not sign the kernel
Malicious boot loader specification entries could be used to make a
signed kernel load arbitrary unprotected initrds. Since we do not want
this, do not sign the kernel. This way, the only things allowed to boot
are our UKI stubs, which do verify the initrd.
2023-01-31 18:25:27 +01:00
..
stub Load the kernel image ourselves 2023-01-31 18:25:14 +01:00
tool Do not sign the kernel 2023-01-31 18:25:27 +01:00