Re: Bug#820129: grub2: Disallow booting unsigned kernels when Secure Boot is enabled
On Thu, Apr 12, 2018 at 05:10:38PM +0100, Luca Boccassi wrote:
>On Thu, 2018-04-12 at 15:58 +0100, Steve McIntyre wrote:
>> [ Note cc to the d-efi list. SB is finally in progress after last
>> week's sprint! ]
>> Very belated, it's time we discussed this.
>> This looks like one way of doing this. Philipp Hahn is suggesting
>> we just don't include the "linux" module in our signed grub
>> build. That's simpler, but potentially causes problems elsewhere,
>> e.g. "it gets a bit nasty to try and dynamically switch between linux
>> and linuxefi in live-build". So, let's discuss - we need to agree our
>> policy and decide the best mechanism here. Go...!
>The issue I see is that until now pretty much everywhere "linux" is
>used in grub.cfg.
>This can be solved easily, and indeed Philipp has already done it, for
>local installations - the problems arise when building images.
>At least in live-build (not sure about debootstrap/live-wrapper?),
>users can provide their own grub.cfg. Personally I've never seen anyone
>use anything but "linux" in the menuentry (e.g. Kali).
>So I'd need to do something like this in live-build:
>sed -i "s|linux\(\s\+/\w\+/vmlinuz\)|linuxefi\1|" \
>sed -i "s|initrd\(\s\+/\w\+/initrd\)|initrdefi\1|" \
>With the risk of randomly breaking with weird users' grub.cfg :-/
>I'd really like to make the process as transparent as possible for
>users, as there are already enough hoops to jump through as-is to get
>secure boot working.
>I have been using the patch from this bug in production for about a
>year as an alternative in the downstream distro at $work, and it seems
>to work fine.
>On the other hand, I imagine it's easier to verify that nothing is
>broken by removing the "linux" module rather than using this patch. So
>there's the other side of the coin.
Steve McIntyre, Cambridge, UK. firstname.lastname@example.org
< Aardvark> I dislike C++ to start with. C++11 just seems to be
handing rope-creating factories for users to hang multiple
instances of themselves.
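The grub.cfg rewrite discussed in the quoted mail, as an added example that is not code from the bug report or from live-build: it switches the command word at the start of each "linux"/"initrd" line to the EFI-only loaders (which enforce the Secure Boot signature check), accepts any path form after the command word, and counts the lines an image build would still ship with an unverified loader. The sample grub.cfg and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: rewrite grub.cfg menu entries to linuxefi/initrdefi and
# count entries that would still load a kernel without a signature check.
# Assumption: "linux"/"initrd" appear as the first word of their own line.

efi_rewrite() {
    # $1: grub.cfg to rewrite; result goes to stdout. Only the command word at
    # the start of the line is touched, so "linuxefi", "linux16" and paths that
    # merely contain "linux" are left alone, and any path form after it
    # (/vmlinuz, (hd0,1)/vmlinuz, /live/vmlinuz) is accepted.
    sed -e 's/^\([[:space:]]*\)linux\([[:space:]]\)/\1linuxefi\2/' \
        -e 's/^\([[:space:]]*\)initrd\([[:space:]]\)/\1initrdefi\2/' "$1"
}

count_plain_loaders() {
    # $1: grub.cfg; prints how many lines still use "linux"/"initrd", so an
    # image build can refuse to ship a config that sidesteps Secure Boot.
    grep -c -E '^[[:space:]]*(linux|initrd)[[:space:]]' "$1" || true
}

# Constructed sample (not from the bug report), including two cases the
# "\w\+/vmlinuz" regex in the thread misses (a kernel at the filesystem
# root and a device prefix) plus an entry that is already converted.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
menuentry "Live" {
	linux /live/vmlinuz boot=live quiet
	initrd /live/initrd.img
}
menuentry "Rescue" {
    linux (hd0,1)/vmlinuz root=/dev/sda1
    initrd (hd0,1)/initrd.img
}
menuentry "Already EFI" {
    linuxefi /boot/vmlinuz-4.9
    initrdefi /boot/initrd.img-4.9
}
EOF

echo "before: $(count_plain_loaders "$sample_cfg") plain loader line(s)"
efi_rewrite "$sample_cfg"
```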