Release process: SquashFS file order vs. Secure Boot
Originally created by @CyrilBrulebois on #17561 (Redmine)
Preparing 4.5~rc1, I’m now wondering whether it is important to have Secure Boot explicitly enabled or disabled when profiling the boot sequence to proceed with the SquashFS file order update.
I haven’t looked at what happened exactly in a boot sequence with Secure
Boot enabled… but we might be missing some signatures if the RM doesn’t
use a Secure Boot enabled system? Checking the contents of a current
linux-image
package, it seems like the signatures are embedded
directly into the vmlinuz
kernel binary and individual .ko
modules,
rather than being shipped alongside them. But there might be some other
things I haven’t thought of…
Definitely not a blocker for 4.5~rc1, but I suppose it would be slightly safer to have an answer before the final 4.5 release.
Poking intrigeri and
segfault accordingly.