
Re: Where are we with SB? What's missing?



On Wed, 2018-12-05 at 03:40 +0000, Ben Hutchings wrote:
> On Tue, 2018-12-04 at 23:42 +0000, Steve McIntyre wrote:
> > > Have we tested that grub2 and linux do not allow loading unsigned
> > > kernels / modules? (AFAIK yes, but let's make sure.)
> > 
> > It's definitely worth making sure, yes.
> 
> I haven't tested this recently in linux.
> 
> Is it practicable to add and check the trust information I proposed at
> <https://wiki.debian.org/SecureBoot#Describing_the_trust_chain>?  (This
> would need to be added to all template packages.)

As far as I understand this would contain one key for linux and an
empty list for all other packages for now?

Adding that check to the code signing service shouldn't be too hard; it
can be improved later.  (I would like to be able to use different keys
eventually for key rollover or non-production keys for testing new
stuff.)

Ansgar

