Noel Georgi

Kernel modules signed by MoK

1

## Feature Request Kernel modules may optionally be signed by MoK which would mean avoding re-building the kernel. This currently requires usage of `shim` which is not in context of...

UKI Kexec

3

## Feature Request Currently kexec doesn't support using a UKI, we could in theory extract kernel, initrd and cmdline from UKI and kexec. Since UKI `.kernel` is already signed kexec...

Secureboot: Rollback protection

1

## Feature Request How do we implement rollback to vulnerable version? See **Revocation/Rollback Protection** section in https://0pointer.de/blog/brave-new-trusted-boot-world.html

Set EFIvars after talos install

7

## Feature Request Set EFI vars to denote the EFI to use sd-boot after talos install is done We need to write the `BootOrder` EFI var and set to `sd-boot`...

Cleanup talos dockerfile

1

## Feature Request #7280 does some cleanup, but there are more places we can use `BUILDPLATFORM`, `TARGETOS` etc and use `local-` targets for faster cycles.

add UKI fingerprint to Talos securitystate resource

1

## Feature Request #7514 related

IMA signed kernel modules

1

PoC to see if we can allow users to bring in their public keys that IMA trusts and the kernel modules signed by those: Ref: * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/kernel_administration_guide/enhancing_security_with_the_kernel_integrity_subsystem * https://sourceforge.net/p/linux-ima/wiki/Home/ *...