Release process: SquashFS file order vs. Secure Boot
Preparing 4.5~rc1, I’m now wondering whether it is important to have Secure Boot explicitly enabled or disabled when profiling the boot sequence to proceed with the SquashFS file order update.
I haven’t looked at what happened exactly in a boot sequence with Secure
Boot enabled… but we might be missing some signatures if the RM doesn’t
use a Secure Boot enabled system? Checking the contents of a current
linux-image package, it seems like the signatures are embedded
directly into the
vmlinuz kernel binary and individual
rather than being shipped alongside them. But there might be some other
things I haven’t thought of…
Definitely not a blocker for 4.5~rc1, but I suppose it would be slightly safer to have an answer before the final 4.5 release.
intrigeri and segfault accordingly.