Re: EFI BoF at DebConf

To: debian-cd@lists.debian.org
Cc: debian-devel@lists.debian.org, debian-boot@lists.debian.org, debian-live@lists.debian.org
Subject: Re: EFI BoF at DebConf
From: Paul Wise <pabs@debian.org>
Date: Tue, 31 Jul 2012 14:40:25 -0600
Message-id: <[🔎] CAKTje6EGV4vOSw2KeQgJVQqrZsf=R6WY0GZSwUOdQjqewshGmQ@mail.gmail.com>
In-reply-to: <[🔎] 20120720223413.GA15128@einval.com>
References: <[🔎] 20120720223413.GA15128@einval.com>

On Fri, Jul 20, 2012 at 4:34 PM, Steve McIntyre wrote:

> Here's a summary of what we discussed in the EFI BoF [1] last week
> (9th July). Thanks to the awesome efforts of the DebConf video team,
> the video of the session is already online [2] in case you missed
> it. I've also attached the Gobby notes that were taken during the
> session. Again, thanks to the people who took part - we had a useful
> discussion.

One thing I don't think anyone has discussed yet is how key
transitions will work, if a distro-specific key is compromised, is the
OS able to update the SB keys?

> Any one binary can only be signed by one key.

Would it be possible/useful to circumvent this limitation by making
copies of the binary and then signing them?

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: EFI BoF at DebConf
  - From: Steve Langasek <vorlon@debian.org>

References:
- EFI BoF at DebConf
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Bug#683434: ITP: libsafe-isa-perl -- Safe::Isa - call isa, can, does and DOES safely on things that may not be objects
Next by Date: Re: EFI BoF at DebConf
Previous by thread: Re: EFI BoF at DebConf
Next by thread: Re: EFI BoF at DebConf
Index(es):
- Date
- Thread