[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UEFI Secure Boot - the plan for stretch

On Tue, Apr 05, 2016 at 03:36:01AM +0100, Ben Hutchings wrote:
> >  * fwupdate

> Someone who understands this should open an ITP or RFP.

fwupdate just needs a fwupdate-signed package for any EFI-signed binary if
we want this to be usable on secureboot systems.  I wouldn't say this blocks
SB support though and would leave it up to the fwupdate maintainers (incl.
Sledge) to sort through.

> >  * ???

> It seems we will have to distribute detached module signatures to
> maintain reproducibility and avoid duplication, so kmod, initramfs-
> tools and dracut all need to handle those.  I've written the patches
> for kmod (#820010) and initramfs-tools (#820037), and it should be easy
> to support them in dracut (#820041).

FWIW the Ubuntu kernel team is currently working through the requirements
around signed kernel modules right now over there; I'll point them at your
patches and hopefully get you some good feedback.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: