=== himcesjf_ is now known as him-cesjf | ||
leitao | cascardo, | 17:16 |
---|---|---|
leitao | On ppc64el kernel, we are seeing "PKCS#7 signature not signed with a trusted key". Do you know if something changed? | 17:17 |
leitao | mainly because now I see the unsigned kernels. | 17:18 |
cascardo | leitao: hum, don't really know much about it | 18:43 |
cascardo | apw: ^ | 18:43 |
apw | leitao, this would be because the primary binaries are now signed, they should be signed with the official key | 20:41 |
leitao | apw, that is why we have the signed and unsiged kernels? | 20:42 |
apw | leitao, we have unsigned packages because otherwise there is no delivery mechanism for test kernels (which are not signed) | 20:43 |
leitao | apw, let me ask a more silly question. What is the difference between signed and unsigned kernels? If I plan to use dkms, should I move to unsigned? | 20:44 |
apw | leitao, for ppc64el it all depends how enforced things are; in an efi world we would either load a personal key, or disable signature enforcement | 20:45 |
leitao | apw, how do I disable enforcement? | 20:46 |
apw | leitao, i am not sure i know the answer to that | 20:47 |
leitao | we rebuilt a custom kernel and now we see a lot of "PKCS#7 signature not signed with a trusted key". If I disable enforcement, will it not happen? | 20:47 |
apw | is that built in a PPA ? | 20:48 |
apw | as those would be signed by the per PPA key | 20:48 |
apw | i am slightly confused, i assume there is something more amiss when the signature is present over when the image unsigned | 20:52 |
leitao | apw, no, we did a in-house custom built | 20:52 |
leitao | apw, I am wondering if we missed some step as adding our key somewhere. | 20:53 |
apw | previous images would have been completely unsigned, how is it behaving different ? | 20:53 |
apw | perhaps you could enumerate that for me in a bug so we can better understand | 20:54 |
=== himcesjf_ is now known as him-cesjf |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!