[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UEFI Secure Boot - the plan for stretch

On Fri, Apr 01, 2016 at 02:35:17PM +0100, Steve McIntyre wrote:
> Hey folks,
> We've been *slowly* working towards this for a while. Let's see where
> we're up to and exactly what still needs doing. I've been asked by
> several people for a public update, and I've had multiple offers of
> help if it's useful.
> We've agreed on the path to follow, and as far as I know we have most
> of the bits either in place or readily available by borrowing from
> others' implementations. There's a wiki page at
> https://wiki.debian.org/SecureBoot about this, including the tasks we
> identified. To summarise:
> 4. Updates for other core packages to add signed versions
> =========================================================
> Once we have our key ready and dak support added, we'll be able to
> upload things and get them signed automatically to create $foo-signed
> packages. Expected packages here:
>  * grub2

I submitted #820129 as a request for a change to grub2 to disallow booting
unsigned kernels if Secure Boot is enabled.

Attachment: signature.asc
Description: Digital signature

Reply to: