On 23/05/2021 16:32, Peter Georg wrote: <snip>
- Work with other SIGs and others involved to establish a common
work-flow to sign kernels and/or kernel modules provided by SIGs.
<snip>
As Davide already mentioned earlier, signing kernel with CentOS distro key and/or secureboot isn't something that is possible (and doubt it will ever be possible)
See https://pagure.io/centos-infra/issue/307
So in short : if SIGs don't expect to sign kernel with the centos distro key (https://www.centos.org/keys/#centos-project-keys-starting-from-centos-8) and also don't expect their built kernel/kernel modules to be signed with the centos key pair used for secureboot, that's something that can be done.
I prefer mentioning this here *before* people start a SIG and then would hit a wall, as nothing would have been discussed as Requirement/must-have vs "nice-to-have" :-)