5 lines
300 B
Text
5 lines
300 B
Text
# Sign unified images with sbctl keys to support secure boot
|
|
uefi_secureboot_cert="/usr/share/secureboot/keys/db/db.pem"
|
|
uefi_secureboot_key="/usr/share/secureboot/keys/db/db.key"
|
|
# Enable lockdown if secure boot's on to prevent loading unsigned kernel modules
|
|
kernel_cmdline+=" lockdown=integrity "
|