Re: Where are we with SB? What's missing?

On Tue, Dec 04, 2018 at 09:33:33PM +0100, Ansgar Burchardt wrote:
>Steve McIntyre writes:
>> On Tue, Nov 27, 2018 at 08:50:16PM +0100, Bastian Blank wrote:
>>>On Wed, Oct 31, 2018 at 03:39:01AM +0000, Ben Hutchings wrote:
>>>> > OK. What's needed? Is this a blocker for us pre-Buster?
>>>> No, it's not a blocker.
>>>So we don't have any blockers. What do we need to do for switching to
>>>the production key?
>> AFAICS now we need ftpmaster to turn this on. Luke/Ansgar - can we get
>> an ETA please? Buster freeze is getting awfully close...
>I think I have to give up on getting the secure boot service to run
>properly unattended before that; but that can still happen later.
>People might have to ping ftp-master when something needs to be signed
>for a while.

While it's clearly not where we want to be, that sounds like a fair
short-term plan, I think.

>Do any packages we sign (fwupd, fwupdate, grub2, linux) have hardcoded
>keys they trust? linux has one (the trusted key for signing modules).
>Are there any other keys that need to be switched for production?

Mario has already answered for fwupd and fwupdate. Linux is complex,
and Ben is the expert there. I'm reasonably happy about grub2.

>Have we tested that grub2 and linux do not allow loading unsigned
>kernels / modules? (AFAIK yes, but let's make sure.)

It's definitely worth making sure, yes.

>Do fwupd, fwupdate have anything we need to test? Do they allow loading
>extensions or anything else that allows running arbitrary code?
>Anything else we need to check?

I'd like to test the whole thing end-to-end and validate at each step,
ideally, using real machines. I've not had a chance to do that yet,
and I feel bad about that. :-/

Steve McIntyre, Cambridge, UK. firstname.lastname@example.org
"I suspect most samba developers are already technically insane... Of
course, since many of them are Australians, you can't tell." -- Linus Torvalds