Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: expose systemd cert enrollment configuration of LiveCD in enki #2430

Closed
Tracked by #1792
mudler opened this issue Apr 4, 2024 · 0 comments · Fixed by kairos-io/enki#87
Closed
Tracked by #1792

feat: expose systemd cert enrollment configuration of LiveCD in enki #2430

mudler opened this issue Apr 4, 2024 · 0 comments · Fixed by kairos-io/enki#87
Assignees
@jimmykarily
Labels
enhancement New feature or request uki

Comments

@mudler
Copy link
Member

mudler commented Apr 4, 2024
edited
Loading

Is your feature request related to a problem? Please describe.
When we know that the certificate works for UKI installations, it is cumbersome to have to do manually install the keys. There are also cases where it is not possible to install/append keys manually.

Describe the solution you'd like
enki to have a flag option to expose the systemd-boot (in the LiveCD only) option (secure-boot-enroll) https://www.freedesktop.org/software/systemd/man/latest/loader.conf.html

Describe alternatives you've considered
N/A

Additional context
Enki should default to if-safe, but the user should be allowed to override this setting via CLI args

This is to work in tandem with #2418 to have ISOs that automatically enroll certificates from the vendor + user-generated if those can be exported by the HW bios.
@mudler mudler added enhancement New feature or request triage Add this label to issues that should be triaged and prioretized in the next planning call labels Apr 4, 2024
@mudler mudler moved this to Todo 🖊 in 🧙Issue tracking board Apr 8, 2024
@mudler mudler added the uki label Apr 8, 2024
@mudler mudler mentioned this issue Apr 8, 2024
Closed
33 tasks
@jimmykarily jimmykarily moved this from Todo 🖊 to In Progress 🏃 in 🧙Issue tracking board Apr 9, 2024
@jimmykarily jimmykarily self-assigned this Apr 9, 2024
@jimmykarily jimmykarily removed the triage Add this label to issues that should be triaged and prioretized in the next planning call label Apr 9, 2024
jimmykarily added a commit to kairos-io/enki that referenced this issue Apr 9, 2024
@jimmykarily
Expose secure-boot-enroll systemd-boot option
2e2a124 
Fixes kairos-io/kairos#2430

Signed-off-by: Dimitris Karakasilis <[email protected]>
@jimmykarily jimmykarily mentioned this issue Apr 9, 2024
Merged
@jimmykarily jimmykarily moved this from In Progress 🏃 to Under review 🔍 in 🧙Issue tracking board Apr 10, 2024
@github-project-automation github-project-automation bot moved this from Under review 🔍 to Done ✅ in 🧙Issue tracking board Apr 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jimmykarily jimmykarily

Labels
enhancement New feature or request uki
Projects
🧙Issue tracking board
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Expose secure-boot-enroll systemd-boot option kairos-io/enki
2 participants
@mudler @jimmykarily