| Message ID | 20190125175725.6696-1-dann.frazier@canonical.com |
|---|---|
| Headers | show |
| Series | Add support for UEFI signed kernels on arm64 | expand |
On Fri, Jan 25, 2019 at 10:57:20AM -0700, dann frazier wrote: > BugLink: https://bugs.launchpad.net/bugs/1804481 > > The following patches add support for signed UEFI kernel images on > arm64. The first three patches are for the linux package and the last > two are for linux-signed. > > The patches are complicated a bit by the fact that our arm64 generic > kernels are gzip compressed. We wish to keep the kernels we install > compressed both in the linux-image and linux-image-unsigned packages, > however signing must be done on the uncompressed kernel image. Therefore > we decompress the kernel when adding it to the signing tarball and bundle > a configuration file to signal linux-signed to recompress. > > Test builds are available here: > https://launchpad.net/~dannf/+archive/ubuntu/arm64-signed Applied to disco and unstable, thanks!
BugLink: https://bugs.launchpad.net/bugs/1804481 The following patches add support for signed UEFI kernel images on arm64. The first three patches are for the linux package and the last two are for linux-signed. The patches are complicated a bit by the fact that our arm64 generic kernels are gzip compressed. We wish to keep the kernels we install compressed both in the linux-image and linux-image-unsigned packages, however signing must be done on the uncompressed kernel image. Therefore we decompress the kernel when adding it to the signing tarball and bundle a configuration file to signal linux-signed to recompress. Test builds are available here: https://launchpad.net/~dannf/+archive/ubuntu/arm64-signed v2: - Add support for a <efi-image>.vars config in the signed tarball, and support a GZIP=1 setting to tell linux-signed that the signed image should be recompressed. - Use maximum gzip compression when recompressing, to match the unsigned image. - Include snapdragon flavor support. - Kill the cat.