[16:49] <mozmck> Why do the 4.16.x mainline kernel packages say linux-image-unsigned...?
[16:51] <apw> mozmck, because the packaging is coming from a later release where installed kernels (on amd64 and ppc64el) are signed by default; the unsigned kernel is therefore shipped in linux-image-unsigned for test builds
[16:52] <mozmck> So I'm building a kernel to ship with the preemp-rt patch.  Do I need to do something to sign the package or is it fine like it is?
[16:53] <mozmck> I'm using the ubuntu patches such as these: http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.16.15/
[16:53] <mozmck> Then applying the preempt-rt patch and making relevant config changes.
[16:54] <apw> mozmck, well yes, it makes no difference as the consumer won't have any common key with you anyhow
[16:56] <apw> mozmck, though if you also switch off the efi_signed (and similar) flags in debian.master/rules.d/*.mk
[16:56] <apw> mozmck, you will get a linux-image package again, though the contents are unsigned still
[16:56] <mozmck> Will that affect booting on efi systems at all?
[16:59] <apw> mozmck, no more than the ones you are already producing, ie they will be unsigned
[17:00] <apw> i suppose once enfocement of efi signatures becomes a thing you will have to talk people thorugh
[17:00] <apw> turning that off to boot your non-standard kernels
[17:00] <apw> but that is the same for everyone
[17:00] <apw> including us when we do test kernels
[17:09] <mozmck> apw: Ok, thanks for the information!  That was just what I needed to know.