749bbb6ea4
Why I did it To sign SONiC kernel image and allow secure boot based system to verify SONiC image before loading into the system. How I did it Pass following parameter to rules/config.user Ex: SONIC_ENABLE_SECUREBOOT_SIGNATURE := y SIGNING_KEY := /path/to/key/private.key SIGNING_CERT := /path/to/public/public.cert How to verify it Secure boot enabled system enrolled with right public key of the, image in the platform UEFI database will able to verify image before load. Alternatively one can verify with offline sbsign tool as below. export SBSIGN_KEY=/abc/bcd/xyz/ sbverify --cert $SBSIGN_KEY/public_cert.cert fsroot-platform-XYZ/boot/vmlinuz-5.10.0-8-2-amd64 mage O/P: Signature verification OK |
||
---|---|---|
.. | ||
Dockerfile.j2 | ||
Dockerfile.user.j2 | ||
no-check-valid-until | ||
sonic-jenkins-id_rsa.pub |