On Tue, 2018-12-04 at 23:42 +0000, Steve McIntyre wrote:
> On Tue, Dec 04, 2018 at 09:33:33PM +0100, Ansgar Burchardt wrote:
> > Steve McIntyre writes:
> > > On Tue, Nov 27, 2018 at 08:50:16PM +0100, Bastian Blank wrote:
> > > > On Wed, Oct 31, 2018 at 03:39:01AM +0000, Ben Hutchings wrote:
> > > > > > OK. What's needed? Is this a blocker for us pre-Buster?
> > > > > No, it's not a blocker.
> > > >
> > > > So we don't have any blockers. What do we need to do for switching to
> > > > the production key?
> > >
> > > AFAICS now we need ftpmaster to turn this on. Luke/Ansgar - can we get
> > > an ETA please? Buster freeze is getting awfully close...
> >
> > I think I have to give up on getting the secure boot service to run
> > properly unattended before that; but that can still happen later.
> > People might have to ping ftp-master when something needs to be signed
> > for a while.
>
> While it's clearly not where we want to be, that sounds like a fair
> short-term plan, I think.
>
> > Do any packages we sign (fwupd, fwupdate, grub2, linux) have hardcoded
> > keys they trust? linux has one (the trusted key for signing modules).
> > Are there any other keys that need to be switched for production?
>
> Mario has already answered for fwupd and fwupdate. Linux is complex,
> and Ben is the expert there. I'm reasonably happy about grub2.

Ansgar is right, linux just has the module key built-in.

> > Have we tested that grub2 and linux do not allow loading unsigned
> > kernels / modules? (AFAIK yes, but let's make sure.)
>
> It's definitely worth making sure, yes.

I haven't tested this recently in linux. Is it practicable to add and
check the trust information I proposed at
<https://wiki.debian.org/SecureBoot#Describing_the_trust_chain>?
(This would need to be added to all template packages.)

Ben.

> > Do fwupd, fwupdate have anything we need to test? Do they allow loading
> > extensions or anything else that allows running arbitrary code?
> >
> > Anything else we need to check?
>
> I'd like to test the whole thing end-to-end and validate at each step,
> ideally, using real machines. I've not had a chance to do that yet,
> and I feel bad about that. :-/
>

-- 
Ben Hutchings
Experience is directly proportional to the value of equipment destroyed
                                                  - Carolyn Scheppner
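The thread asks whether linux actually refuses unsigned modules once the production key is in use. The script below is an added example, not code from this thread or from any Debian package: it reads the standard efivarfs SecureBoot variable (EFI global variable GUID 8be4df61-93ca-11d2-aa0d-00e098032b8c) to see whether Secure Boot is on, the kernel's /sys/module/module/parameters/sig_enforce to see whether unsigned modules are rejected, and /boot/config-<version> for CONFIG_MODULE_SIG_FORCE. The helper names and the "unknown" fallbacks are my own; the check of grub2's kernel-signature verification is not covered, since that needs a real boot on a Secure Boot machine.

```shell
#!/bin/sh
# Added example: report whether a running Debian system enforces the
# Secure Boot chain discussed in the thread. Function and output names
# are assumptions of this example, not Debian tooling.

# efivarfs exposes each variable as 4 bytes of attributes followed by the
# data; for SecureBoot the data is one byte, 1 = enabled, 0 = disabled.
sb_state_from_efivar() {
    # $1: path to the SecureBoot-<guid> file
    [ -r "$1" ] || { echo unknown; return; }
    case "$(od -An -tu1 -j4 -N1 "$1" | tr -d ' ')" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# The kernel reports "Y" here when module signature checking is enforced
# (unsigned or wrongly signed modules are refused, not merely tainted).
sig_enforce_from_sysfs() {
    # $1: path to sig_enforce
    [ -r "$1" ] || { echo unknown; return; }
    case "$(cat "$1")" in
        Y) echo enforced ;;
        N) echo not-enforced ;;
        *) echo unknown ;;
    esac
}

# CONFIG_MODULE_SIG_FORCE=y means enforcement is compiled in rather than
# relying on the lockdown that Secure Boot turns on at runtime.
module_sig_force_from_config() {
    # $1: path to the kernel config file
    [ -r "$1" ] || { echo unknown; return; }
    if grep -q '^CONFIG_MODULE_SIG_FORCE=y' "$1"; then echo y; else echo n; fi
}

# Live check of the current host using the standard paths.
check_host() {
    echo "Secure Boot:             $(sb_state_from_efivar /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c)"
    echo "Module sig_enforce:      $(sig_enforce_from_sysfs /sys/module/module/parameters/sig_enforce)"
    echo "CONFIG_MODULE_SIG_FORCE: $(module_sig_force_from_config "/boot/config-$(uname -r)")"
}

check_host
```

On a machine booted with Secure Boot enabled and a Debian signed kernel, all three lines should read enabled / enforced / y; "unknown" means the file was not readable (no EFI boot, or efivarfs not mounted), which is itself worth noting. `mokutil --sb-state` gives an independent reading of the first line.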