On Mon, 10 Jun 2019 15:58:24 +0200 (CEST)
Jan Engelhardt wrote:

> On Monday 2019-06-10 15:43, Michal Suchánek wrote:
>> From the point of view of data integrity and recovery the zstd format is not particularly awesome AFAICS.
>> That said, this is not particularly critical for use with rpm. The packages are protected by strong cryptographic hash and signature anyway so you should not even get a corrupted rpm package in hand. [...] This might be somewhat more relevant for something like initrd which tends to be transferred over networks
>
> So just sign the initrd as well, either the kernel or a potent bootloader can check it :-)

And that's the thing: for secure boot the bootloader verifies it, not the kernel. And that's not supported on all platforms. When the kernel gets to reading the initrd it has no idea if the bootloader really verified it or not.

Thanks

Michal