Store safeboot.conf in initramfs #13
Labels
Comments
osresearch
added
enhancement
|
The safeboot config, TPM policies and sealed secrets can go into the initrd, since they do not change between things. The dmverity root hash could go into the initrd, but can't be stored on the disk, since it depends on the contents of the root filesystem. Part of building the signed unified image could be appending our specific initrd contents. Linux will decompress and extract any number of cpio files concatenated, as long as they are aligned on 512-byte boundaries. |
|
Config is now stored in the initrd as part of #58 |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Rather than adding an ever ending list of things to the kernel command line, perhaps the
/etc/safeboot/safeboot.confshould be stored in the initramfs.Pros: more flexibility in arguments, less parsing of kernel command lines
Cons: requires regenerating the initramfs more often.
The text was updated successfully, but these errors were encountered: