[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to revoke Debian kernels for secure boot

On Thu, Dec 14, 2023 at 09:31:11PM +0100, Bastian Blank wrote:
> On Thu, Dec 14, 2023 at 03:09:51PM +0000, Steve McIntyre wrote:
> > It's a difficult thing to do, especially in light of significant
> > pushback from upstream developers.

Okay, I finally managed to read most of that thread.  And it boils down
to procedural problems, leading to no viable patch.

Like the submitter not wanting to take replies seriously or even sending
the patch to the correct maintainer in the first place.  To specify a
SBAT policy for upstream Linux, where people told the submitter several
times that Linux is not interested in a secure boot policy, but such a
policy needs to be defined by the signers, aka us.

So we are free to specify "linux.debian" and attach our own policy to
it.  Or "linux-debian", so we can use "linux-debian.*" for internal
things.  Or so.

Just curious: how to MOK and SBAT interact?

Regards,
Bastian

-- 
If I can have honesty, it's easier to overlook mistakes.
		-- Kirk, "Space Seed", stardate 3141.9
Reply to: