| mason | Yeah. Sift out the best. | 00:00 |
|---|---|---|
| Xenguy | find and gather | 00:00 |
| stribika | Hello, I have a question about the CONFIG_SYSTEM_TRUSTED_KEYS kernel option. By default it is set to debian/certs/debian-uefi-certs.pem but the file is not there. | 17:46 |
| stribika | How can I get it? Is it available online? Or I thought maybe I can use keyctl to get it out of the running kernel, but don't know how. | 17:46 |
| stribika | I could also just generate one but then I assume I won't be able to load official modules and whatnot. | 17:48 |
| fsmithred | stribika, are you compiling your own kernel? | 17:51 |
| stribika | Yes | 17:51 |
| fsmithred | I think only debian can use their certs | 17:52 |
| stribika | The make deb-pkg step fails because of this. | 17:52 |
| stribika | Oh is it the private key part? Sorry I think I misunderstood the docs then. | 17:52 |
| fsmithred | I think so. Not sure. | 17:52 |
| fsmithred | I know there is a signed grub package for secure boot, and I think the signed kernel goes with that | 17:53 |
| fsmithred | I think you can omit that if you don't use secure boot | 17:54 |
| stribika | That's what I'll do for now, thank you | 17:55 |
| stribika | So I'm pretty sure it's actually a public key. I can see it in /proc/keys as this: asymmetric: Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1 | 18:34 |
| stribika | But keyctl won't give it to me. Maybe I can just grep the kernel image and find it that way. | 18:34 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!