Skip to content
  • Joanna Rutkowska's avatar
    785cbcb1
    Update kernel signature verification · 785cbcb1
    Joanna Rutkowska authored 
    1) For newer pvops kernels we can use kernel.org sign files that are signed
with a new (uncompromised, at least not known to be compromised yet) key
2) For older kernel, we need to use hash, as the kernel.org decided not to
release update signature with a new key.
In any case, use hash-based verification additionally, try to minimize trust put
into kernel.org people...
    785cbcb1
    Update kernel signature verification
    Joanna Rutkowska authored 
    1) For newer pvops kernels we can use kernel.org sign files that are signed
with a new (uncompromised, at least not known to be compromised yet) key
2) For older kernel, we need to use hash, as the kernel.org decided not to
release update signature with a new key.
In any case, use hash-based verification additionally, try to minimize trust put
into kernel.org people...