I did a quick search on the forum and looked into the wiki article but did not find anything about the initrd references.
I thought this would be interesting. Wondering if archlinux has any plans to implement (official signed kernel), what will happen as a result, any gains besides secure boot?
From Article on what the gains are:
Now that you have full control over your system, running only a Linux kernel image that you sign yourself, a whole raft of possibilities open up. Here’s a few that I can think off of the top of my head:
Linux signed system self-contained in the kernel image (with initramfs) booting into ram, nothing on the disk other than the original kernel image.
Signed kernel image initramfs validates the other partitions with a public key to ensure they aren’t tampered before mounting and using them (ChromeOS does this exact thing quite well). This passes the “chain of trust” on to the filesystem image, giving you assurances that you are running code you trust, on a platform you trust.
Combine signed kernel images with TPM key storage to unlock encrypted partitions.
Really busy at work to actually drive the discussion, hopefully the subject matter will do most of it for me.
Last edited by zkai (2013-09-03 15:20:10)
This does look like a lot of (constant) work, depending on level of expertise.
I see a lot of extremes in attitudes regarding this, myself included, then again there is Phoronix's general point of view, ?
http://www.phoronix.com/scan.php?page=n … px=MTQ1MTg
The "BSD" things in life are "Free", and "Open", and so is "Arch"