Open cgwalters opened 4 years ago
And the only other OS that I see flagged in GCP as SB capable is their "container optimized" OS, e.g. cos-stable-79-12607-80-0.
One thing that confused me is that /boot/efi looked mostly clean, but in fact the ESP isn't mounted there by default. Doing mount /dev/sda12 /boot/efi, I see the same Google/GSetup stuff there.
So I could try extracting these binaries/keys and add them to FCOS on GCP, but I'd really like to know their provenance and rationale for existence.
I pointed @mjg59 at this thread a while back and we had a private email discussion about it; the gist of it is he said the requirement for those binaries is probably a bug, but we haven't continued since.
In https://github.com/coreos/mantle/pull/1060 I enabled the flag for SB, but it fails on startup.
Playing around in an Ubuntu image flagged with SB, I notice this:
Which doesn't seem owned by any package.