6 lines
300 B
Text
6 lines
300 B
Text
|
# Sign unified images with sbctl keys to support secure boot
|
||
|
uefi_secureboot_cert="/usr/share/secureboot/keys/db/db.pem"
|
||
|
uefi_secureboot_key="/usr/share/secureboot/keys/db/db.key"
|
||
|
# Enable lockdown if secure boot's on to prevent loading unsigned kernel modules
|
||
|
kernel_cmdline+=" lockdown=integrity "
|