Description
Kernel images can be bundled and signed for systems that enforce Secure Boot. Administrators use this tool when custom kernels or local kernel builds must boot under a trusted firmware policy.
It handles security-sensitive boot material. Signing keys, certificate enrollment, and fallback boot entries must be managed carefully to avoid lockout or trust mistakes.