mason | Yeah. Sift out the best. | 00:00 |
---|---|---|
Xenguy | find and gather | 00:00 |
stribika | Hello, I have a question about the CONFIG_SYSTEM_TRUSTED_KEYS kernel option. By default it is set to debian/certs/debian-uefi-certs.pem but the file is not there. | 17:46 |
stribika | How can I get it? Is it available online? Or I thought maybe I can use keyctl to get it out of the running kernel, but don't know how. | 17:46 |
stribika | I could also just generate one but then I assume I won't be able to load official modules and whatnot. | 17:48 |
fsmithred | stribika, are you compiling your own kernel? | 17:51 |
stribika | Yes | 17:51 |
fsmithred | I think only debian can use their certs | 17:52 |
stribika | The make deb-pkg step fails because of this. | 17:52 |
stribika | Oh is it the private key part? Sorry I think I misunderstood the docs then. | 17:52 |
fsmithred | I think so. Not sure. | 17:52 |
fsmithred | I know there is a signed grub package for secure boot, and I think the signed kernel goes with that | 17:53 |
fsmithred | I think you can omit that if you don't use secure boot | 17:54 |
stribika | That's what I'll do for now, thank you | 17:55 |
stribika | So I'm pretty sure it's actually a public key. I can see it in /proc/keys as this: asymmetric: Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1 | 18:34 |
stribika | But keyctl won't give it to me. Maybe I can just grep the kernel image and find it that way. | 18:34 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!