Does sicherboot sign the initrd?
vvug opened this issue · 1 comments
vvug commented
Hi,
One this is not very clear to me: does sicherboot sign the initrd? If this is the case this would be a big advantage over the "classic" setup where the initrd is not signed, as it allows an unencrypted /boot
partition to hold only signed data. This data can then be used to unlock the root partition, possibly remotely, and by being signed we can be sure it has not been tampered with.
julian-klode commented
Yes, the kernel and initrd are combined in a single image which is then signed.