Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add PESign states for Qubes Builder V2 #112

Open
ben-grande opened this issue Jan 13, 2025 · 0 comments
Open

Add PESign states for Qubes Builder V2 #112

ben-grande opened this issue Jan 13, 2025 · 0 comments
Labels
T: enhancement New feature or request waiting for upstream Future depends on upstream

Comments

@ben-grande
Copy link
Owner

ben-grande commented Jan 13, 2025
edited
Loading

Current problem (if any)

Qubes is introducing a secure boot signing meethod:

Proposed solution

Unfortunately, it appears to be very user specific the key name (to restrict to a specific key) and other user specific configuration of which files the key is stored in:

  • Dom0: /etc/qubes/policy.d/*.policy
  • dvm-qubes-builder-pesign: /usr/local/etc/default/qubes-pesign
  • vault-pesign: /home/user/.config/qubes-pesign/CERT_NICKNAME

The value to a user, and who that user might be

Automate as much as Qubes Bulder V2 setup as possible, leave as little as possible for users and developers to configure to avoid errors.
@ben-grande ben-grande added T: enhancement New feature or request waiting for upstream Future depends on upstream labels Jan 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T: enhancement New feature or request waiting for upstream Future depends on upstream
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ben-grande