ACK/Cmnt: [HIRSUTE][PATCH 0/5] Built-in Revocation certificates
Andy Whitcroft
apw at canonical.com
Thu Aug 12 08:39:29 UTC 2021
On Thu, Aug 12, 2021 at 10:25:10AM +0200, Stefan Bader wrote:
> On 09.08.21 14:19, Tim Gardner wrote:
> >
> > None of the git SHA1 commit IDs appear to be valid in upstream linux or
> > even linux-next.
>
> This should be added upon commit but these are all things from impish:linux
> which are required by us to roll our keys. I suspect there will be similar
> sets for all series somewhen in our future.
Agreed. We need all of our live kernels to have this support before we
can rotate our primary keys without exploding the EFI revocation lists.
The sha1s are mostly useless in this context as backports from newer
kernels but benign.
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw
More information about the kernel-team
mailing list