On Fri, Apr 01, 2016 at 02:35:17PM +0100, Steve McIntyre wrote: > Hey folks, > > We've been *slowly* working towards this for a while. Let's see where > we're up to and exactly what still needs doing. I've been asked by > several people for a public update, and I've had multiple offers of > help if it's useful. > > We've agreed on the path to follow, and as far as I know we have most > of the bits either in place or readily available by borrowing from > others' implementations. There's a wiki page at > https://wiki.debian.org/SecureBoot about this, including the tasks we > identified. To summarise: [...] > 4. Updates for other core packages to add signed versions > ========================================================= > > Once we have our key ready and dak support added, we'll be able to > upload things and get them signed automatically to create $foo-signed > packages. Expected packages here: > > * grub2 I submitted #820129 as a request for a change to grub2 to disallow booting unsigned kernels if Secure Boot is enabled.
Description: Digital signature