Hi Ben, Holger, On 22-04-2019 00:25, Ben Hutchings wrote: > On Fri, 2019-03-29 at 16:45 +0100, Paul Gevers wrote: >> Package: release-notes >> X-Debbugs-CC: debian-boot@lists.debian.org >> >> As now discussion on the RT sprint, the release notes should probably >> say something about the work on secure boot. >> >> I wouldn't know what to put in, so proposals are welcome. Until that >> time, I file this bug to not forget. > > I don't have a complete proposed text, but I think the key points to > include are: > > * Secure Boot is a feature enabled on most PCs that prevents loading > unsigned code, protecting against some kinds of bootkit and rootkit. > > * Debian can now be installed and run on most PCs with Secure Boot > enabled. > > * It is possible to enable Secure Boot on a system that has an existing > Debian installation, if it already boots using UEFI. Before doing > this, it's necessary to install shim-signed, grub-efi-amd64-signed or > grub-efi-ia32-signed, and a Linux kernel package from buster. > > * Some features of GRUB and Linux are restricted in Secure Boot mode, > to prevent modifications to their code. > > * More information can be found on the Debian wiki at > <https://wiki.debian.org/SecureBoot>. For now (I do expect improvements after review, but didn't want to wait), I have basically committed the text above: https://salsa.debian.org/ddp-team/release-notes/commit/90a9a34 as well as applied more or less the update proposed by Holger: https://salsa.debian.org/ddp-team/release-notes/commit/f112557 Thanks Paul
Attachment:
signature.asc
Description: OpenPGP digital signature