[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#925971: release-notes: should mention secure boot in d-i

Hi Ben, Holger,

On 22-04-2019 00:25, Ben Hutchings wrote:
> On Fri, 2019-03-29 at 16:45 +0100, Paul Gevers wrote:
>> Package: release-notes
>> X-Debbugs-CC: debian-boot@lists.debian.org
>> As now discussion on the RT sprint, the release notes should probably
>> say something about the work on secure boot.
>> I wouldn't know what to put in, so proposals are welcome. Until that
>> time, I file this bug to not forget.
> I don't have a complete proposed text, but I think the key points to
> include are:
> * Secure Boot is a feature enabled on most PCs that prevents loading
>   unsigned code, protecting against some kinds of bootkit and rootkit.
> * Debian can now be installed and run on most PCs with Secure Boot
>   enabled.
> * It is possible to enable Secure Boot on a system that has an existing
>   Debian installation, if it already boots using UEFI.  Before doing
>   this, it's necessary to install shim-signed, grub-efi-amd64-signed or
>   grub-efi-ia32-signed, and a Linux kernel package from buster.
> * Some features of GRUB and Linux are restricted in Secure Boot mode,
>   to prevent modifications to their code.
> * More information can be found on the Debian wiki at
>   <https://wiki.debian.org/SecureBoot>.

For now (I do expect improvements after review, but didn't want to
wait), I have basically committed the text above:

as well as applied more or less the update proposed by Holger:


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: