Why aren't all the modules signed?
Hi, I was recently trying to use Grub as a signed variant of UEFI:NTFS (https:/
I know compiling the NTFS module into the main image is pointless, since 99% of people would never use it (I wouldn't even want it compiled into the standard image), but why aren't the modules themselves signed with the Canonical secure bootloader key (Or even signed with a special 'grub module' key with the public key embedded, similar to the microsoft-signed shim)? According to the #grub irc room on freenode grub supports loading signed modules, so it stands to reason that you could simply have all the modules signed for full secure boot support, even with modules that aren't included in the stock signed image.
Question information
- Language:
- English Edit question
- Status:
- Solved
- Assignee:
- No assignee Edit question
- Solved by:
- Colin Watson
- Solved:
- Last query:
- Last reply: