pub fn verify() -> Result<(), KernelError>Expand description
Verify secure boot chain.
This is the main entry point called during kernel initialization. It performs the following steps:
- Check if secure boot is enabled
- Hash the kernel image
- Record the measurement in the boot log
- Extend TPM PCR 0 with the kernel hash
- Verify the kernel signature (if configured)
- Fall back to hash comparison (if no signature)
- Return overall verification status