<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-build.git/scripts/package-build/linux-kernel/build-mellanox-ofed.sh, branch rolling</title>
<subtitle>VyOS image build scripts (mirror of https://github.com/vyos/vyos-build.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-build.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-build.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/'/>
<updated>2026-03-26T13:04:58+00:00</updated>
<entry>
<title>T8410: Fix typos and mistakes in scripts and comments</title>
<updated>2026-03-26T13:04:58+00:00</updated>
<author>
<name>Viacheslav Hletenko</name>
<email>v.gletenko@vyos.io</email>
</author>
<published>2026-03-24T14:53:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=2933d0f5f5d17551b292cdafb8315cf2876e64a7'/>
<id>urn:sha1:2933d0f5f5d17551b292cdafb8315cf2876e64a7</id>
<content type='text'>
Fix typos and mistakes in the comments
No functional changes
</content>
</entry>
<entry>
<title>T861: sign all Kernel modules with an ephemeral key</title>
<updated>2024-09-25T18:24:21+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2024-09-25T18:24:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=d235b31a095f9b8fdb2d5c231935c8b4b4c3da6c'/>
<id>urn:sha1:d235b31a095f9b8fdb2d5c231935c8b4b4c3da6c</id>
<content type='text'>
The shim review board (which is the secure boot base loader) recommends using
ephemeral keys when signing the Linux Kernel. This commit enables the Kernel
build system to generate a one-time ephemeral key that is used to:

* sign all build-in Kernel modules
* sign all other out-of-tree Kernel modules

The key lives in /tmp and is destroyed after the build container exits and is
named: "VyOS build time autogenerated kernel key".

In addition the Kernel now uses CONFIG_MODULE_SIG_FORCE. This now makes it
unable to load any Kernel Module to the image that is NOT signed by the
ephemeral key.
</content>
</entry>
</feed>
