I am building a kernel from the fedora `kernel.spec` file and SRPM. It works as good as the official kernel, but nothing in it is signed. I know that I can sign the kernel RPM package, but what about the kernel itself (for secure boot). The Fedora kernel is signed on a separate system, but I can not find any docs for it. I know that I cant use Fedora's keys, but what about signing it with my keys, then adding those keys to the shim. I am trying to make it so that a user starting on a fresh install can use the kernel by adding the public keys to the shim, then installing the kernel RPM. I also want the modules to be signed with my key (I don't care if it is the same key that used for the rest of the kernel). I do not mean signing the RPM packages, but the binaries that are installed from the RPM package. I also do not want to have to signed the installed binaries with a per install key locally. tl;dr: I want to make kernel RPM package that is exactly the same as the Fedora package, but I compile it, and it uses my signing keys. I also want to be able to distribute this in the same way as the Fedora package, but with the user adding the key to the shim.