On Mon, 2018-07-30 at 14:08 +0200, Philipp Hahn wrote: > Hello Helen, helle Steve L, > > I just returned today to work after vacations, so sorry for the late > reply. > > Am 20.07.2018 um 01:18 schrieb Helen Koike: > > I started the slides for DebConf presentation. > > > > https://salsa.debian.org/koike-guest/sb-debconf2018-slides > > ... > > Someone: grub current state? > > Collin merged Lucas and my patch-set yesterday and seems to be busy > fixing some test failures: > <https://salsa.debian.org/grub-team/grub/commits/master> > So I expect a new version to be releases shortly. > > Depending on the state of the Signing-Box we also should see signed > binaries, too ;-) One thing that might be worth mentioning, since it will be useful for downstream distros, is that the signed monolithic Grub EFI binary gets its installation path in the ESP hard-coded at build time based on the distro vendor, eg: EFI/debian in our case. We added package metadata so that downstream distros (or users) that build live images can query it with: dpkg-query -f='\${Efi-Vendor}' -W grub-efi-<ARCH>-bin We are already using this in live-build, for example. Another fact perhaps worth mentioning since it's not default behaviour and we change it with a patch, is that, if Secure Boot is enabled, Grub will refuse to load an unsigned kernel. -- Kind regards, Luca Boccassi
Attachment:
signature.asc
Description: This is a digitally signed message part