Add question about how kernel modules are signed

Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
rhboot · Jul 12, 2023 · 1f85d85 · 1f85d85
1 parent d0ba08c
commit 1f85d85
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -145,6 +145,12 @@ This matches https://github.com/rhboot/shim/releases/tag/15.7 and contains the a
 *******************************************************************************
 [your text here]
 
+*******************************************************************************
+### Do you use an ephemeral key for signing kernel modules?
+### If not, please describe how you ensure that one kernel build does not load modules built for another kernel.
+*******************************************************************************
+[your text here]
+
 *******************************************************************************
 ### If you use vendor_db functionality of providing multiple certificates and/or hashes please briefly describe your certificate setup.
 ### If there are allow-listed hashes please provide exact binaries for which hashes are created via file sharing service, available in public with anonymous access for verification.