On 23/05/2021 16:32, Peter Georg wrote: <snip> > * Work with other SIGs and others involved to establish a common > work-flow to sign kernels and/or kernel modules provided by SIGs. > ><snip> As Davide already mentioned earlier, signing kernel with CentOS distro key and/or secureboot isn't something that is possible (and doubt it will ever be possible) See https://pagure.io/centos-infra/issue/307 So in short : if SIGs don't expect to sign kernel with the centos distro key (https://www.centos.org/keys/#centos-project-keys-starting-from-centos-8) and also don't expect their built kernel/kernel modules to be signed with the centos key pair used for secureboot, that's something that can be done. I prefer mentioning this here *before* people start a SIG and then would hit a wall, as nothing would have been discussed as Requirement/must-have vs "nice-to-have" :-) -- Fabian Arrotin The CentOS Project | https://www.centos.org gpg key: 17F3B7A1 | twitter: @arrfab