kairos icon indicating copy to clipboard operation
kairos copied to clipboard

Published 20 hours ago verified publisher icon kairos-io

[factory web ui] Trusted boot system extensions

Open mauromorales opened this issue 8 months ago • 1 comments

Allow to build system extensions together with the generated image

mauromorales avatar Mar 17 '25 08:03 mauromorales

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar May 28 '25 02:05 github-actions[bot]

It should not be only about "trusted boot". We should allow the users to create system extensions that don't need signing. Currently we only document the process with the use of keys here: https://kairos.io/docs/advanced/sys-extensions/#building-system-extensions-from-a-docker-image-with-auroraboot

but we should allow building them with not keys provided. Then we can expose that process in the web UI.

Also, we can allow the users to generate the keys from the web UI or let the operator (the persona spinning up the Web UI) point to a directory with existing keys. The web UI can have a switch "sign with keys" when there are keys available or not sign at all.

jimmykarily avatar Sep 15 '25 08:09 jimmykarily

Created a ticket for the key generation: https://github.com/kairos-io/kairos/issues/3661

jimmykarily avatar Sep 15 '25 09:09 jimmykarily