
Re: Where are we with SB? What's missing?



On Tue, 2018-12-04 at 23:42 +0000, Steve McIntyre wrote:
> On Tue, Dec 04, 2018 at 09:33:33PM +0100, Ansgar Burchardt wrote:
> > Steve McIntyre writes:
> > > On Tue, Nov 27, 2018 at 08:50:16PM +0100, Bastian Blank wrote:
> > > > On Wed, Oct 31, 2018 at 03:39:01AM +0000, Ben Hutchings wrote:
> > > > > > OK. What's needed? Is this a blocker for us pre-Buster?
> > > > > No, it's not a blocker.
> > > > 
> > > > So we don't have any blockers.  What do we need to do for switching to
> > > > the production key?
> > > 
> > > AFAICS now we need ftpmaster to turn this on. Luke/Ansgar - can we get
> > > an ETA please? Buster freeze is getting awfully close...
> > 
> > I think I have to give up on getting the secure boot service to run
> > properly unattended before that; but that can still happen later.
> > People might have to ping ftp-master when something needs to be signed
> > for a while.
> 
> While it's clearly not where we want to be, that sounds like a fair
> short-term plan, I think.
> 
> > Do any packages we sign (fwupd, fwupdate, grub2, linux) have hardcoded
> > keys they trust?  linux has one (the trusted key for signing modules).
> > Are there any other keys that need to be switched for production?
>
> Mario has already answered for fwupd and fwupdate. Linux is complex,
> and Ben is the expert there. I'm reasonably happy about grub2.

Ansgar is right, linux just has the module key built-in.

> > Have we tested that grub2 and linux do not allow loading unsigned
> > kernels / modules? (AFAIK yes, but let's make sure.)
> 
> It's definitely worth making sure, yes.

I haven't tested this recently in linux.

Is it practicable to add and check the trust information I proposed at
<https://wiki.debian.org/SecureBoot#Describing_the_trust_chain>?  (This
would need to be added to all template packages.)

Ben.

> > Do fwupd, fwupdate have anything we need to test?  Do they allow loading
> > extensions or anything else that allows running arbitrary code?
> > 
> > Anything else we need to check?
> 
> I'd like to test the whole thing end-to-end and validate at each step,
> ideally, using real machines. I've not had a chance to do that yet,
> and I feel bad about that. :-/
> 
-- 
Ben Hutchings
Experience is directly proportional to the value of equipment destroyed
                                                    - Carolyn Scheppner
