Hi Steve Langasek, Could we add an option to `update-secureboot-policy` so that it can generate a key that works for signing modules & kernels ?
As an aside, if an attacker has compromised a system and they generate a signing key ... they could modify and attempt to enrol a key that allows kernel signing ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939565 Title: kernel signed by mok failed to boot if secure boot is on To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1939565/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
