[ Mailing various interested folks directly, and adding a CC to the
relevant lists and the DPL. If you think I've missed people off,
please let me know - my intention is not to slight anybody here. ]
Hi folks,
We've had more discussion over the last few days about how we
could/should implement UEFI Secure Boot infrastructure in Debian
[1-4]. I hope that we've got past the "should we do this or not"
diversions. It's time that we got together to finish the discussion
and get things up and running.
We've had several proposed routes to make the infrastructure work:
* "byhand" or similar, driving things from ftpmaster getting the
package maintainer do the work to combine unsigned binaries with
sigs then upload again
* "dh_sign", driving things from the maintainer scripts running on
buildds, uploading automatically to the archive
* a hybrid of these: driving things from buildd, but returning the
sigs to the maintainer (somehow) to combine and upload
There are pros and cons and for all routes, but I believe that it
should be possible to work together to design something that will do
what we need without triggering too many objections or security fears.
Sprint proposal
===============
I propose that the interested people get together for a sprint *in
early 2018*. We should have the following people to *agree a design*
and *implement* that design:
* (at least one) DSA member, able to do sysadmin-level things
needed. Tollef and Julien have already been working in this area
and understand what we're trying to do.
* (at least one) ftpmaster, able to implement and/or review any
needed changes in dak. Ansgar, Joerg and Luk have been involved in
discussions already and understand the problem space.
* (at least one) buildd software maintainer, able to implement and/or
review any needed changes in the buildd stack.
* maintainers of the packages that we expect to use the
infrastructure (Linux kernel, grub, fwupdate), so we can work
through example uploads and test things. Ben obviously covers the
kernel side, and I have access for the grub and fwupdate packages.
* Helen has been the primary developer working in this area so far,
providing code for two of the proposals so far and helping to drive
discussion. She should be there!
I expect that 3-4 days together should be enough for us to make this
work. To be honest, I'd hope that 2 day might be enough for what we
need, but 3-4 days should give us sufficient time to experiment and
play with things. We don't *have* to have everybody together
physically in one place, but experience tells me that would be by far
the most effective and efficient way to do things.
So... Please respond with:
=====================================================================
a) your willingness to take part in this sprint
b) your availability to travel for this sprint
c) ideas on when/where we could meet up, if you have any
=====================================================================
and we'll get something sorted out. My own preferences would be to try
and arrange something in January (maybe) in Europe (as most of the
people are in Europe!), but those are not hard and fast. Maybe Germany
to make it easier for Joerg/Ansgar to join us?
If we don't have this done by the end of March, I don't think we'll
ever get Secure Boot in Debian.
@lamby: adding you in CC early for sprint budget approval. Clearer
details to follow!
[1] https://wiki.debian.org/SecureBoot#Wrap-up_of_the_discussions_so_far
[2] https://lists.debian.org/debian-efi/2017/10/msg00029.html
[3] https://lists.debian.org/debian-efi/2017/11/msg00007.html
[4] https://lists.debian.org/debian-efi/2017/11/msg00008.html
--
Steve McIntyre, Cambridge, UK. steve@einval.com
< Aardvark> I dislike C++ to start with. C++11 just seems to be
handing rope-creating factories for users to hang multiple
instances of themselves.
Attachment:
signature.asc
Description: PGP signature