lanzaboote

History

Alois Wohlschlager 3885f114a8 Do not sign the kernel Malicious boot loader specification entries could be used to make a signed kernel load arbitrary unprotected initrds. Since we do not want this, do not sign the kernel. This way, the only things allowed to boot are our UKI stubs, which do verify the initrd.	2023-01-31 18:25:27 +01:00
..
stub	Load the kernel image ourselves	2023-01-31 18:25:14 +01:00
tool	Do not sign the kernel	2023-01-31 18:25:27 +01:00

Alois Wohlschlager 3885f114a8

Malicious boot loader specification entries could be used to make a
signed kernel load arbitrary unprotected initrds. Since we do not want
this, do not sign the kernel. This way, the only things allowed to boot
are our UKI stubs, which do verify the initrd.

2023-01-31 18:25:27 +01:00

stub

Load the kernel image ourselves

2023-01-31 18:25:14 +01:00

tool

Do not sign the kernel

2023-01-31 18:25:27 +01:00