On Tue, Apr 05, 2016 at 03:36:01AM +0100, Ben Hutchings wrote: > > * fwupdate > Someone who understands this should open an ITP or RFP. fwupdate just needs a fwupdate-signed package for any EFI-signed binary if we want this to be usable on secureboot systems. I wouldn't say this blocks SB support though and would leave it up to the fwupdate maintainers (incl. Sledge) to sort through. > > * ??? > It seems we will have to distribute detached module signatures to > maintain reproducibility and avoid duplication, so kmod, initramfs- > tools and dracut all need to handle those. I've written the patches > for kmod (#820010) and initramfs-tools (#820037), and it should be easy > to support them in dracut (#820041). FWIW the Ubuntu kernel team is currently working through the requirements around signed kernel modules right now over there; I'll point them at your patches and hopefully get you some good feedback. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org
Attachment:
signature.asc
Description: Digital signature