[CentOS-devel] RFC: kmods SIG Proposal

Sun May 23 19:18:05 UTC 2021
Fabian Arrotin <arrfab at centos.org>

On 23/05/2021 16:32, Peter Georg wrote:
> * Work with other SIGs and others involved to establish a common
> work-flow to sign kernels and/or kernel modules provided by SIGs.

As Davide already mentioned earlier, signing kernel with CentOS distro
key and/or secureboot isn't something that is possible (and doubt it
will ever be possible)

See https://pagure.io/centos-infra/issue/307

So in short : if SIGs don't expect to sign kernel with the centos distro
(https://www.centos.org/keys/#centos-project-keys-starting-from-centos-8) and
also don't expect their built kernel/kernel modules to be signed with
the centos key pair used for secureboot, that's something that can be done.

I prefer mentioning this here *before* people start a SIG and then would
hit a wall, as nothing would have been discussed as
Requirement/must-have vs "nice-to-have" :-)

Fabian Arrotin
The CentOS Project | https://www.centos.org
gpg key: 17F3B7A1 | twitter: @arrfab