mkosi commit the issue has been seen with
main
Used host distribution
Arch
Used target distribution
Arch
Linux kernel version used
6.18.2-arch2-1
CPU architectures issue was seen on
x86_64
Unexpected behaviour you saw
The mkosi-initrd configuration doesn't seem to accept a Phases= switch like ukify does.
Thus secrets from the initrd phase are accessible from the booted system.
Used mkosi config
[Validation]
SecureBoot=yes
SignExpectedPcr=yes
SecureBootKey=/etc/kernel/secure-boot-private-key.pem
SecureBootCertificate=/etc/kernel/secure-boot-certificate.pem
SignExpectedPcrKey=/etc/systemd/tpm2-pcr-private-key.pem
SignExpectedPcrCertificate=/etc/systemd/tpm2-pcr-public-key.pem
mkosi output
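Added example, not part of the original report and not mkosi or systemd code: a simplified Python model of why the phase list bound into a PCR 11 signature decides which boot stages can unseal a TPM-bound secret. The base PCR value is constructed, the signed policy is modelled as a plain set of permitted PCR values, and the function names are hypothetical; the four-phase list is what systemd-measure covers when no phase list is given.

```python
import hashlib


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM PCR extend for the SHA-256 bank: new = H(old || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def pcr_after(base: bytes, phase_path: str) -> bytes:
    """PCR 11 after each colon-separated phase word has been measured in order."""
    pcr = base
    for word in phase_path.split(":"):
        pcr = extend(pcr, word.encode())
    return pcr


def allowed_values(base: bytes, phases: list[str]) -> set[bytes]:
    """Model of a signed PCR policy: the PCR 11 values the signature covers."""
    return {pcr_after(base, p) for p in phases}


# Constructed stand-in for PCR 11 once the UKI sections have been measured.
BASE = extend(bytes(32), b"constructed-uki-measurement")

# Signature covering every boot phase (no phase restriction).
ALL_BOOT_PHASES = [
    "enter-initrd",
    "enter-initrd:leave-initrd",
    "enter-initrd:leave-initrd:sysinit",
    "enter-initrd:leave-initrd:sysinit:ready",
]
# Signature restricted to the initrd, as ukify's Phases=enter-initrd would produce.
INITRD_ONLY = ["enter-initrd"]


def can_unseal(policy_phases: list[str], current_path: str) -> bool:
    """True if the current PCR 11 value is one the signed policy permits."""
    return pcr_after(BASE, current_path) in allowed_values(BASE, policy_phases)


if __name__ == "__main__":
    booted = "enter-initrd:leave-initrd:sysinit:ready"
    print("all phases, booted system :", can_unseal(ALL_BOOT_PHASES, booted))
    print("initrd only, in initrd    :", can_unseal(INITRD_ONLY, "enter-initrd"))
    print("initrd only, booted system:", can_unseal(INITRD_ONLY, booted))
```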