Allow auto-enrollment of SecureBoot Keys into UEFI #8196

Closed
Tracked by #8010
defreng opened this issue Jan 23, 2024 · 0 comments · Fixed by #8282
defreng commented Jan 23, 2024

Feature Request

Currently, the systemd-boot configuration is set up to only automatically enroll secure boot keys if it is booted in a VM:
https://github.com/siderolabs/talos/blob/main/pkg/imager/iso/loader.conf

In our environment we would like to set that option to force to always auto-enroll keys as long as the UEFI firmware is in setup mode, even when running bare-metal.

@smira smira self-assigned this Feb 7, 2024
smira added a commit to smira/talos that referenced this issue Feb 7, 2024
Fixes siderolabs#8196

Example (profile excerpt):

```yaml
output:
  kind: iso
  isoOptions:
    sdBootEnrollKeys: force
  outFormat: raw
```

Defaults are still the same (`if-safe` unless explicitly overridden).

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
smira added a commit to smira/talos that referenced this issue Feb 21, 2024
(cherry picked from commit 087b50f)
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 6, 2024
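
The difference between `if-safe` and `force` described in this issue, as an added Go example that is not code from Talos or systemd-boot: it decodes the firmware's `SetupMode` variable from efivarfs and reports whether keys would be enrolled without operator action on bare metal. The function names `efiBool` and `autoEnroll` are hypothetical, VM detection is assumed to be supplied by the caller, and `off` and `manual` are the other values from loader.conf(5) rather than from this page.

```go
package main

import (
	"fmt"
	"os"
)

// EFI global-variable GUID; efivarfs exposes variables as "<Name>-<GUID>".
const setupModePath = "/sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c"

// Constructed sample: 4 attribute bytes (0x06 = boot-service + runtime access), then value 1.
var sampleSetupMode = []byte{0x06, 0x00, 0x00, 0x00, 0x01}

// efiBool decodes a one-byte boolean variable as read from efivarfs.
func efiBool(raw []byte) (bool, error) {
	if len(raw) != 5 {
		return false, fmt.Errorf("expected 4 attribute bytes + 1 value byte, got %d bytes", len(raw))
	}
	return raw[4] == 1, nil
}

// autoEnroll reports whether keys would be enrolled without operator action.
// "if-safe" and "force" follow the issue text; "off" and "manual" are the
// other loader.conf(5) values and never enroll automatically.
func autoEnroll(policy string, setupMode, isVM bool) (bool, error) {
	switch policy {
	case "off", "manual":
		return false, nil
	case "if-safe":
		return setupMode && isVM, nil
	case "force":
		return setupMode, nil
	}
	return false, fmt.Errorf("unknown enrollment policy %q", policy)
}

func main() {
	raw, err := os.ReadFile(setupModePath)
	if err != nil {
		fmt.Println("SetupMode not readable, using constructed sample:", err)
		raw = sampleSetupMode
	}
	setup, err := efiBool(raw)
	if err != nil {
		fmt.Println("cannot decode SetupMode:", err)
		return
	}
	for _, p := range []string{"if-safe", "force"} {
		bare, _ := autoEnroll(p, setup, false)
		fmt.Printf("setup-mode=%v policy=%s bare-metal auto-enroll=%v\n", setup, p, bare)
	}
}
```

With `force`, any bare-metal machine left in setup mode accepts the keys carried by the boot media, so the check is worth running before such an ISO is booted on hardware whose firmware state is not known.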