We are working on Secure Boot to secure our system from evil maid attacks. As part of securing the system, we sign the kernel and associated drivers. We use the pesign tool to sign the kernel (vmlinuz). I tried to invoke the PKCS engine from openssl to sign the vmlinuz kernel with the private key stored in SoftHSM, but it failed, complaining that initialization is not done. Is it possible to sign the kernel using keys in SoftHSM?