update readme
parent 155a49f097
commit d882455619
24
README.md
@ -1,4 +1,3 @@
|
||||
```bash
|
||||
# Enable/disable automatic signing on kernel updates# Kernel Signer
|
||||
|
||||
A secure boot kernel signing utility for Red Hat based systems (RHEL, CentOS, Fedora, Rocky Linux, AlmaLinux, etc.).
|
||||
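Review bot: the line `# Enable/disable automatic signing on kernel updates# Kernel Signer` at the top of this hunk fuses a configuration comment into the README title. The header goes from four lines to three, so only one line is dropped here, and either this fused line or the stray `bash` fence opener above it survives. The README should open with `# Kernel Signer` alone; the comment already has its place in the `/etc/ksigner/ksigner.conf` example, and a fence opened on line 1 and never closed would render the whole file as code.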
@ -8,7 +7,7 @@ A secure boot kernel signing utility for Red Hat based systems (RHEL, CentOS, Fe
|
||||
This package provides a comprehensive solution for signing Linux kernels with custom keys for Secure Boot environments. It includes:
|
||||
|
||||
- Automatic key generation and MOK enrollment
|
||||
- Support for signing individual or all kernels
|
||||
- Support for signing individual or all kernels
|
||||
- Configurable through `/etc/ksigner/ksigner.conf`
|
||||
- Comprehensive logging and status reporting
|
||||
|
||||
@ -17,11 +16,9 @@ This package provides a comprehensive solution for signing Linux kernels with cu
|
||||
### Building the RPM
|
||||
|
||||
1. Install build dependencies:
|
||||
|
||||
```bash
|
||||
# RHEL/CentOS/Rocky/Alma
|
||||
sudo dnf install rpm-build rpmdevtools
|
||||
|
||||
# Create build environment
|
||||
rpmdev-setuptree
|
||||
```
|
||||
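Review bot: in the fenced block under "1. Install build dependencies:", `rpmdev-setuptree` is not a dependency install and is correctly shown without `sudo`, but the README never says why. Give it its own numbered step and state that it creates the build tree in the invoking user's home directory, so that readers build the package as an unprivileged user rather than as root.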
@ -47,7 +44,7 @@ sudo rpm -ivh ksigner*.rpm
|
||||
|
||||
The following packages will be automatically installed as dependencies:
|
||||
- `openssl` - Key generation and certificate operations
|
||||
- `mokutil` - Machine Owner Key management
|
||||
- `mokutil` - Machine Owner Key management
|
||||
- `sbsigntools` - Kernel signing utilities
|
||||
- `hmaccalc` - HMAC generation for signed kernels
|
||||
- `sudo` - Privilege escalation
|
||||
@ -86,26 +83,15 @@ Edit `/etc/ksigner/ksigner.conf` to customize behavior:
|
||||
# Enable/disable automatic signing on kernel updates
|
||||
SIGN_ON_UPDATE=true
|
||||
|
||||
# Type of automatic signing (sign, sign-lts, sign-all, sign-all-lts)
|
||||
AUTO_SIGN_TYPE="sign-lts"
|
||||
|
||||
# Define which kernel versions are considered LTS
|
||||
LTS_VERSIONS=(
|
||||
"6.12"
|
||||
"6.6"
|
||||
"6.1"
|
||||
"5.15"
|
||||
"5.10"
|
||||
)
|
||||
# Type of automatic signing (sign, sign-all)
|
||||
AUTO_SIGN_TYPE="sign-all"
|
||||
```
|
||||
|
||||
## Commands
|
||||
|
||||
- `ksigner setup` - Create and install signing keys
|
||||
- `ksigner sign [kernel_file]` - Sign a kernel (latest if no file specified)
|
||||
- `ksigner sign-lts [kernel_file]` - Sign an LTS kernel
|
||||
- `ksigner sign-all` - Sign all available kernels
|
||||
- `ksigner sign-all-lts` - Sign all LTS kernels
|
||||
- `ksigner status` - Show signing key status
|
||||
- `ksigner version` - Show version information
|
||||
|
||||
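Review bot: the configuration example now documents `AUTO_SIGN_TYPE` as `(sign, sign-all)` with `"sign-all"` as the shown value, and the header counts (26 lines down to 15) match the `LTS_VERSIONS` array and the `sign-lts` / `sign-all-lts` entries being dropped, but nothing tells existing users what happens to a `ksigner.conf` that still contains `AUTO_SIGN_TYPE="sign-lts"` or `LTS_VERSIONS`. Add a sentence on upgrade behaviour: whether the old value is rejected, ignored, or mapped to another mode. With `SIGN_ON_UPDATE=true`, a silent fallback either leaves a new kernel unsigned, which fails to boot under Secure Boot, or signs more kernels with the enrolled MOK than the administrator chose. The README should also say what `sign-all` treats as "all available kernels", since that now defines the scope of unattended signing.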
@ -119,7 +105,7 @@ Logs are written to `/var/log/ksigner.log`.
|
||||
|
||||
- **Configuration**: `/etc/ksigner/ksigner.conf`
|
||||
- **Public Key**: `/etc/pki/sbsign/certs/MOK.pem`
|
||||
- **Private Key**: `/etc/pki/sbsign/private/MOK.priv`
|
||||
- **Private Key**: `/etc/pki/sbsign/private/MOK.priv`
|
||||
- **DER Key**: `/etc/pki/sbsign/certs/MOK.der`
|
||||
- **Log File**: `/var/log/ksigner.log`
|
||||
- **Update Hook**: `/etc/kernel/postinst.d/zz-ksigner`
|
||||
|
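Review bot: the file list names the private key at `/etc/pki/sbsign/private/MOK.priv` and an unattended hook at `/etc/kernel/postinst.d/zz-ksigner`, but the README does not state the expected owner and mode of the key or whether it is passphrase protected. Since the hook signs without user interaction, the key has to be readable non-interactively, so document the intended permissions (for example root-only) and have `ksigner status` report them. Also confirm that `/etc/kernel/postinst.d/` is actually executed on every distribution named in the description; if some of them only run hooks from a different directory, automatic signing will silently not happen there.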