
Jarkko Sakkinen

Edited 1 month ago
Can an OpenPGP signing key also be used as a Machine Owner Key (MOK) for signing the kernel and modules by some means? That would be the most practical way as I have that always available in my Yubikey.

I can use my OpenPGP keyring to:

1. Sign tags for Linus.
2. Sign commits at work.
3. Authenticate to all SSH servers I have access to.
4. Authenticate to all Git repositories I have access to.
5. Write and manage my "root of trust" with pass: https://www.passwordstore.org/

I'm sure it must be applicable in one way or another also as MOK.

#linux #security #yubikey

@jarkko you'd have to check into the details of mokutil and related scripts - assuming key sizes check out it might be usable with a bit of format conversion of pubkeys and signatures
