3 May
2024
3 May
'24
1:11 p.m.
One thing I would like to point out is secure boot in the form of Android Boot Images and UKIs. These secure boot technologies combine kernel+cmdline+initramfs (and optionally a dtb, if the dtb is on the OS) into a secured binary blob to be delivered to the client device. If the dtb exists on the OS side, we must now provide a signed Android Boot Images and/or UKIs per device, this concept doesn't exists in package managers I know, at least in Fedora, CentOS Stream. If the kernel+cmdline+initramfs doesn't have a dtb, we can deliver a generic version that is secured for all devices.