path: root/data/live-build-config/hooks/live/92-strip-symbols.chroot
Age | Commit message | Author
2024-09-22 | T861: stripping Kernel modules would also remove module signatures | Christian Breunig
As the VyOS Linux Kernel will be compiled with CONFIG_MODULE_SIG_FORCE all driver modules need to be cryptographically signed. This happens during build of the Kernel and its 3rd party modules. Stripping the objects would remove said signature and the system will be unable to boot b/c of CONFIG_MODULE_SIG_FORCE.
2024-09-14 | T861: add UEFI Secure Boot support | Christian Breunig
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux Kernel and enforces module signing. This results in an additional security layer where untrusted (unsigned) Kernel modules can no longer be loaded into the live system. NOTE: This commit will not work unless signing keys are present. Arbitrary keys can be generated using instructions found in: data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
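
Added example (not code from the VyOS repository): a check a build step could run after the strip hook to confirm that kernel modules still carry the appended signature that the 2024-09-22 commit message says stripping removes. It assumes uncompressed `.ko` files and the upstream kernel's appended-signature trailer layout; the function names and sample bytes are constructed for illustration.

```python
import os
import struct

# Layout of a signed module file, as written by the kernel's sign-file tool:
#   [ELF image][PKCS#7 signature][struct module_signature][magic string]
MAGIC = b"~Module signature appended~\n"
TRAILER = struct.Struct(">5B3xI")  # algo, hash, id_type, signer_len, key_id_len, pad, sig_len
PKEY_ID_PKCS7 = 2


def signature_info(data: bytes):
    """Return the parsed trailer if data carries an appended signature, else None."""
    if not data.endswith(MAGIC):
        return None  # what a module looks like once the trailing data is gone
    end = len(data) - len(MAGIC)
    if end < TRAILER.size:
        raise ValueError("magic string present but trailer is truncated")
    _algo, _hash, id_type, _signer, _keyid, sig_len = TRAILER.unpack(
        data[end - TRAILER.size:end])
    elf_len = end - TRAILER.size - sig_len
    if elf_len < 0:
        raise ValueError("sig_len exceeds file size")
    return {"pkcs7": id_type == PKEY_ID_PKCS7, "sig_len": sig_len, "elf_len": elf_len}


def unsigned_modules(root: str):
    """List uncompressed .ko files under root that lack the signature trailer."""
    missing = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".ko"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    if signature_info(fh.read()) is None:
                        missing.append(path)
    return missing


def constructed_module(signed: bool) -> bytes:
    """Constructed sample: placeholder bytes, not a real module or signature."""
    elf = b"\x7fELF" + bytes(60)
    sig = b"\x30\x82" + b"\xaa" * 30
    if not signed:
        return elf  # trailing signature data gone, as after stripping
    return elf + sig + TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(sig)) + MAGIC
```

A non-empty result from `unsigned_modules()` on the chroot's module directory means those modules would be rejected at load time under CONFIG_MODULE_SIG_FORCE.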