[PATCH 1/2] [V2] Add support for GPG signature enforcement on booted
Andrew Donnellan
andrew.donnellan at au1.ibm.com
Wed Aug 3 14:36:42 AEST 2016
Hi Timothy
On 03/08/16 12:52, Timothy Pearson wrote:
> kernels and related blobs
>
> This can be used to implement a form of organization-controlled secure boot,
> whereby kernels may be loaded from a variety of sources but they will only
> boot if a valid signature file is found for each component, and only if the
> signature is listed in the /etc/pb-lockdown file.
>
> This patch also disables direct command line access when the /etc/pb-lockdown
> file is present.
>
> Signed-off-by: Timothy Pearson <tpearson at raptorengineering.com>
> ---
When you're submitting a V{2,3,...} of a patch, it's helpful for
reviewers if you can include a changelog, which you can just add to your
git commit message after a --- line - it'll be stripped off when Sam
applies the patch. Something like:
Signed-off-by: Patch Author <coder at example.com>
---
V2->V3:
* Point 1
* Point 2
V1->V2:
* Point 1
* Point 2
* Point 3
---
<diffstat>
So, what are the changes between V1 and V2 of this series?
Andrew
--
Andrew Donnellan OzLabs, ADL Canberra
andrew.donnellan at au1.ibm.com IBM Australia Limited
More information about the Petitboot
mailing list