Hello everyone, Here are my notes from last month's cloud team meeting.
Apologies for not sending this sooner - I was surprised to find it in my drafts tonight. DSA cloud account setup ======================= Work is progressing, albeit slowly, on a custom AWS account setup for DSA. GCE confidental compute ======================= We went over a few questions related to Debian on Google compute engine. https://bugs-devel.debian.org/cgi-bin/bugreport.cgi?bug=1104461 - non-issue for trixie, but bookworm users will need to switch to the backports kernel. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120542 - fix already landed in linux stable, will be pushed out automatically. https://docs.kernel.org/next/networking/device_drivers/ethernet/intel/idpf.html - IDPF support has landed upstream, but is waiting on linux backports to make it into Debian. Secure boot expiration ====================== The Microsoft secure boot signing key will expire in the spring - shim will be signed with a new key. Bastian reported that this is scheduled to be done pretty soon. Vendor firmwares will need to support it. Debian's key will remain the same for now. Azure marketplace secure boot issues ==================================== The Azure marketplace requires that all gen2 images within a plan have the same security settings, including secure boot. The arm64 images aren't not configured for secure boot. It could be enabled, except that bullseye-backports doesn't support it. So either bullseye-backports will be deprecated from the current marketplace plan and bookworm and newer will gain secure boot on arm64, or else a new plan will be needed to enable a second set of settings. Details are still being worked out. LTS backport rollover ===================== Once again we discussed what happens when a release rolls over into LTS. The backports kernel goes away, which causes a bunch of pain for folks. Bastian plans to re-raise conversations about improving this. We tossed around a few ideas without a clear conclusion. Ross
