[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#820036: No bug mentioning a Debian KEK and booting use it.

On Tue, Oct 18, 2016 at 7:36 PM, Ian Jackson wrote:

> I'm afraid I can't make sense of this.  You have posted it to
> debian-devel, but without any kind of sensible explanation of the
> context.

It was posted to bug #820036, which is tracking Debian support for
secure boot. Peter was advocating quite correctly that as well as
having our copy of shim (the first-stage bootloader on secure boot
systems) signed by Microsoft, we should also have a copy signed by a
Debian signing authority, so that users can theoretically choose to
distrust the Microsoft key. IIRC, unfortunately in practice that is
unlikely to be possible since various firmware blobs are only
Microsoft-signed.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
Reply to: