3885f114a8
Malicious boot loader specification entries could be used to make a signed kernel load arbitrary unprotected initrds. Since we do not want this, do not sign the kernel. This way, the only things allowed to boot are our UKI stubs, which do verify the initrd. |
||
---|---|---|
.. | ||
stub | ||
tool |