On Mon, 2018-07-30 at 14:08 +0200, Philipp Hahn wrote:
> Hello Helen, helle Steve L,
>
> I just returned today to work after vacations, so sorry for the late
> reply.
>
> Am 20.07.2018 um 01:18 schrieb Helen Koike:
> > I started the slides for DebConf presentation.
> >
> > https://salsa.debian.org/koike-guest/sb-debconf2018-slides
>
> ...
> > Someone: grub current state?
>
> Collin merged Lucas and my patch-set yesterday and seems to be busy
> fixing some test failures:
> <https://salsa.debian.org/grub-team/grub/commits/master>
> So I expect a new version to be releases shortly.
>
> Depending on the state of the Signing-Box we also should see signed
> binaries, too ;-)
One thing that might be worth mentioning, since it will be useful for
downstream distros, is that the signed monolithic Grub EFI binary gets
its installation path in the ESP hard-coded at build time based on the
distro vendor, eg: EFI/debian in our case.
We added package metadata so that downstream distros (or users) that
build live images can query it with:
dpkg-query -f='\${Efi-Vendor}' -W grub-efi-<ARCH>-bin
We are already using this in live-build, for example.
Another fact perhaps worth mentioning since it's not default behaviour
and we change it with a patch, is that, if Secure Boot is enabled, Grub
will refuse to load an unsigned kernel.
--
Kind regards,
Luca BoccassiAttachment:
signature.asc
Description: This is a digitally signed message part