From fd737172f1068870fe1ededbe9b2ed4a86663acd Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Wed, 4 Sep 2024 21:37:11 +0200
Subject: T861: add UEFI Secure Boot support

This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux
Kernel and enforces module signing. This results in an additional security
layer where untrusted (unsigned) Kernel modules can no longer be loaded into
the live system.

NOTE: This commit will not work unless signing keys are present. Arbitrary
keys can be generated using instructions found in:

  data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
---
 .gitignore | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to '.gitignore')

diff --git a/.gitignore b/.gitignore
index 23101b27..e3724a9f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,8 @@ packer_cache/*
 key/*
 packages/*
 !packages/*/
-testinstall*.img
-*.qcow2
-*.tar
+data/live-build-config/includes.chroot/var/lib/shim-signed/mok/*
+/testinstall*.img
+/testinstall*.efivars
+/*.qcow2
+/*.tar
-- 
cgit v1.2.3