Jarkko Sakkinen

Edited 24 days ago
Can an OpenPGP signing key also be used as a Machine Owner Key (MOK) for signing the kernel and modules by some means? That would be the most practical way, as I always have that available on my Yubikey.

I can use my OpenPGP keyring to:

1. Sign tags for Linus.
2. Sign commits at work.
3. Authenticate to all SSH servers I have access to.
4. Authenticate to all Git repositories I have access to.
5. Write and manage my "root of trust" with pass: https://www.passwordstore.org/

I'm sure it must be applicable in one way or another also as MOK.

#linux #security #yubikey

@jarkko you'd have to check into the details of mokutil and related scripts - assuming key sizes check out it might be usable with a bit of format conversion of pubkeys and signatures
