From: "Fabio M. De Francesco" <fmdefrancesco@gmail.com>
To: Julia Lawall <julia.lawall@inria.fr>, Deepak R Varma <drv@mailo.com>
Cc: outreachy@lists.linux.dev
Subject: Re: trouble booting into staging kernel
Date: Thu, 13 Oct 2022 16:59:38 +0200 [thread overview]
Message-ID: <2118793.irdbgypaU6@mypc> (raw)
In-Reply-To: <Y0ch7rDCJoTKgMac@vivasvan>
On Wednesday, October 12, 2022 10:22:06 PM CEST Deepak R Varma wrote:
> On Mon, Oct 10, 2022 at 01:25:56AM +0530, Deepak R Varma wrote:
> > On Sun, Oct 09, 2022 at 09:12:37PM +0200, Julia Lawall wrote:
[snip]
,
> I realized that working with the certificates is very complex.
I entirely agree with you :-)
> > Create your own secure boot signing certificate without such an EKU, enroll
it into either mok or db, and use it for signing.
Time ago the following documents from openSUSE finally helped me to understand
how secure boot works and how to create and add my keys to boot custom kernels
and modules:
https://en.opensuse.org/openSUSE:UEFI
https://doc.opensuse.org/documentation/leap/reference/html/book-reference/cha-uefi.html
After some time I realized that I don't need secure boot enabled when I boot
my kernels and modules on several QEMU/KVM VMs (the guests) for testing
patches. It's easier, faster, and I avoid the risk to hang or bring down the
host, or worst, to corrupt the filesystems in the partitions of the "real"
machine (the host) (these days my tasks are related to converting call sites
which still uses old memory management API across the whole kernel, especially
in file systems code).
This way I still have an host always booting with secure boot, and several
VMs for testing patches for various archs (32 and 64 bits virtual machines).
I'd suggest to not disable secure boot in your host, since it's really useful
for whoever cares security. Instead you should run custom kernels in VMs and
just disable secure boot in guests.
Regards,
Fabio
next prev parent reply other threads:[~2022-10-13 14:59 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-09 17:51 trouble booting into staging kernel Deepak R Varma
2022-10-09 17:56 ` Julia Lawall
2022-10-09 19:01 ` Deepak R Varma
2022-10-09 19:12 ` Julia Lawall
2022-10-09 19:55 ` Deepak R Varma
2022-10-12 20:22 ` Deepak R Varma
2022-10-13 5:21 ` Julia Lawall
2022-10-13 8:44 ` Deepak R Varma
2022-10-13 10:10 ` Deepak R Varma
2022-10-13 14:59 ` Fabio M. De Francesco [this message]
2022-10-13 16:38 ` Deepak R Varma
2022-10-16 14:23 ` Deepak R Varma
2022-10-10 10:54 ` Stefano Brivio
2022-10-10 17:02 ` Deepak R Varma
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2118793.irdbgypaU6@mypc \
--to=fmdefrancesco@gmail.com \
--cc=drv@mailo.com \
--cc=julia.lawall@inria.fr \
--cc=outreachy@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.