Y
Hacker News
new
|
ask
|
show
|
jobs
by
jburgess777
93 days ago
If you want to avoid the initrd loophole then you will want to look into UKI images. These extend the secure boot signature to include the kernel and ramdisk:
https://uapi-group.org/specifications/specs/unified_kernel_i...