From patchwork Tue Dec 18 15:57:14 2018
X-Patchwork-Submitter: Seth Forshee
X-Patchwork-Id: 1015443
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Cc: Dann Frazier
Subject: [PATCH 1/3][disco linux] UBUNTU: [Packaging] remove handoff check for uefi signing
Date: Tue, 18 Dec 2018 09:57:14 -0600
Message-Id: <20181218155718.20930-2-seth.forshee@canonical.com>
In-Reply-To: <20181218155718.20930-1-seth.forshee@canonical.com>
References: <20181218155718.20930-1-seth.forshee@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1804481

This check doesn't work for arm64 and is no longer necessary for x86, so remove it.

Signed-off-by: Seth Forshee --- debian/rules.d/2-binary-arch.mk | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk index 08c2813f9657..61805f69e3fc 100644 --- a/debian/rules.d/2-binary-arch.mk +++ b/debian/rules.d/2-binary-arch.mk 
@@ -120,13 +120,8 @@ endif ifeq ($(uefi_signed),true) install -d $(signingv) - # Check to see if this supports handoff, if not do not sign it. - # Check the identification area magic and version >= 0x020b - handoff=`dd if="$(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$*" bs=1 skip=514 count=6 2>/dev/null | od -s | gawk '($$1 == 0 && $$2 == 25672 && $$3 == 21362 && $$4 >= 523) { print "GOOD" }'`; \ - if [ "$$handoff" = "GOOD" ]; then \ - cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ - $(signingv)/$(instfile)-$(abi_release)-$*.efi; \ - fi + cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ + $(signingv)/$(instfile)-$(abi_release)-$*.efi; endif ifeq ($(opal_signed),true) install -d $(signingv)
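
Review bot: the commit message says the handoff check is "no longer necessary for x86" but gives no reason, and with the `if [ "$$handoff" = "GOOD" ]` guard removed, whatever file sits at `$(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$*` is now copied into the signing directory unconditionally. Please record in the message why every x86 image built here now satisfies the old condition (the identification magic at offset 514 and version >= 0x020b), so a later reader can tell the gate was dropped deliberately. The trailing `;` on the new `cp` line is a leftover from the removed compound command and can go.
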
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Cc: Dann Frazier
Subject: [PATCH 2/3][disco linux] UBUNTU: [Packaging] decompress gzipped efi images in signing tarball
Date: Tue, 18 Dec 2018 09:57:15 -0600
Message-Id: <20181218155718.20930-3-seth.forshee@canonical.com>
In-Reply-To: <20181218155718.20930-1-seth.forshee@canonical.com>
References: <20181218155718.20930-1-seth.forshee@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1804481

The arm64 generic kernel image files are gzipped. For UEFI secure boot grub will validate the signature on the decompressed image, so the file in the signing tarball must also be decompressed. It can later be recompressed when building linux-signed.

Signed-off-by: Seth Forshee --- debian/rules.d/2-binary-arch.mk | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk index 61805f69e3fc..60d1dd510174 100644 --- a/debian/rules.d/2-binary-arch.mk +++ b/debian/rules.d/2-binary-arch.mk 
@@ -120,8 +120,16 @@ endif ifeq ($(uefi_signed),true) install -d $(signingv) - cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ - $(signingv)/$(instfile)-$(abi_release)-$*.efi; + # We use Image.gz for arm64; detect and decompress for signing + if [[ "$(kernfile)" =~ \.gz$$ ]]; then \ + cat $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* | \ + gunzip -cv > $(signingv)/$(instfile)-$(abi_release)-$*.efi; \ + cp -p --attributes-only $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ + $(signingv)/$(instfile)-$(abi_release)-$*.efi; \ + else \ + cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ + $(signingv)/$(instfile)-$(abi_release)-$*.efi; \ + fi endif ifeq ($(opal_signed),true) install -d $(signingv)
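
Review bot: in the `.gz` branch the `gunzip -cv > ...efi` step is joined to the following `cp -p --attributes-only` with `;`, so a failed or truncated decompression does not fail the recipe and a partial `.efi` can be left in the signing directory. Chain the two commands with `&&`, and read the input with `gunzip -c < file` rather than `cat file |`, since the pipeline's status hides a read error from `cat`. Two smaller points: `[[ ... =~ ... ]]` is a bash construct, so this relies on the makefile's SHELL being bash, and the test is on `$(kernfile)` while the files copied are named from `$(instfile)`, so the comment should say why `kernfile` is the right variable to test.
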
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Cc: Dann Frazier
Subject: [PATCH 3/3][disco linux] UBUNTU: Build signed kernels for arm64
Date: Tue, 18 Dec 2018 09:57:16 -0600
Message-Id: <20181218155718.20930-4-seth.forshee@canonical.com>
In-Reply-To: <20181218155718.20930-1-seth.forshee@canonical.com>
References: <20181218155718.20930-1-seth.forshee@canonical.com>

From: dann frazier

BugLink: https://bugs.launchpad.net/bugs/1804481

Signed-off-by: dann frazier Signed-off-by: Seth Forshee --- debian.master/rules.d/arm64.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/debian.master/rules.d/arm64.mk b/debian.master/rules.d/arm64.mk index 999e4ca8129a..23009120f797 100644 --- a/debian.master/rules.d/arm64.mk +++ b/debian.master/rules.d/arm64.mk @@ -7,6 +7,7 @@ build_image = Image.gz kernel_file = arch/$(build_arch)/boot/Image.gz install_file = vmlinuz no_dumpfile = true +uefi_signed = true # The uboot used in ubuntu core can't handle Image.gz, so # create this flavour to generate a Image just for them
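
Review bot: `uefi_signed = true` is set at the architecture level in arm64.mk, directly above the comment about the flavour that builds an uncompressed Image for the uboot used in ubuntu core, so it is not clear from this hunk whether that flavour is also meant to be staged for UEFI signing. If it is not, scope the setting to the flavours that boot through UEFI. Either way the commit message has no body; it should say which flavours are affected and that the change depends on patches 1/3 and 2/3 of this series.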