169362ce3d
Add complete Secure Boot implementation: - Generate PK/KEK/db keys during ISO build - Build Unified Kernel Image (UKI) bundling kernel+initramfs+cmdline - Sign UKI with db key for Secure Boot verification - Include kernel lockdown mode in cmdline (lockdown=confidentiality) - Copy .auth files to ISO for UEFI key enrollment All Secure Boot logic is embedded in run.sh as an inline binary hook created during the Docker build process - no separate scripts. Required packages added: efitools, sbsigntools, systemd-boot, binutils VM template updated with TPM v2.0 for Secure Boot measurements. 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
1.5 KiB
1.5 KiB