New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
spike: investigate extracting Talos ukifier into its own package to substitute systemd-ukify #2412
Comments
related to #2177 |
I already asked a coupe of weeks ago for a split of the package into its own so it can be reused but no luck so far in gedtting an answer: siderolabs/talos#8444 |
Hello Itxaka, Thank you for your submission. As a bot, I am auditing the ticket to ensure it meets the project's requirements. It seems that the issue lacks a few details needed for the project's standard. Specifically, it would be helpful to have a clear description of the issue and any steps necessary to reproduce it. Additionally, it would be beneficial to have the versions of the relevant artifacts being used. Please provide more information following the project's guidelines:
Once these details have been added, the issue can be properly triaged. Remember that it is not a bot's role to provide solutions to issues—we exist solely for auditing and triaging the tickets. If you have any questions, feel free to ask. Note: I am a bot, an experiment of @mudler and @jimmykarly. |
@ci-robbot this is a feature request, any thoughts? |
Hello Itxaka, I have reviewed the issue you have opened and labeled it as an "enhancement". If you have any further questions or concerns, feel free to ask. Note: I am a bot, an experiment of @mudler and @jimmykarly. |
Looks like Talos has its own ukify implementation written in pure go: https://github.com/siderolabs/talos/tree/main/internal/pkg/secureboot
It would be nice if we could extract that into its own package and use it in enki directly so we dont depend on systemd-ukify to do so, which requires shipping the ukify python script with deps and systemd-measure statically linked.
Plus it would mean we dont need to have the stub at a specific location and can ship the stub and systemd-boot as simple efi artifacts to be consumed by enki.
It also measures and deals with SBAT.
Licence is Mozilla 2.0 which is compatible with our license.
There is also some nice secureboot utils in the same package that could be useful for us as well.
The text was updated successfully, but these errors were encountered: