Perhaps we should find time to hack at DebConf
-T
On Tue, Aug 19, 2014 at 5:16 PM, Steve McIntyre wrote:
> On Tue, Aug 19, 2014 at 01:38:44PM -0700, Ben Hutchings wrote:
>>
>>So far as I know, no progress has been made on the above steps or any
>>alternate approach.
>
> Ditto, I've not seen (or
On Tue, Aug 19, 2014 at 01:38:44PM -0700, Ben Hutchings wrote:
>
>So far as I know, no progress has been made on the above steps or any
>alternate approach.
Ditto, I've not seen (or done) anything about this.
--
Steve McIntyre, Cambridge, UK.st...@einval.com
Mat
On Thu, 2014-08-14 at 23:38 +0200, Cyril Brulebois wrote:
[...]
> > 1. Colin Watson will prepare dak changes to support upload and
> > subsequent signing of EFI executables. (This is an embedded, not
> > detached, signature.)
> >
> > 2. Steve Langasek will prepare and upload a package of the 'shi
Hi Ben,
Ben Hutchings (2013-08-13):
> Colin Watson and Stefano Rivera talked about how Ubuntu had implemented
> Secure Boot and what they believed were the requirements.
>
> Apparently, the Secure Boot spec requires each stage of the boot code
> to validate signatures only until ExitBootServices
On Wed, 2013-08-14 at 11:10 +0200, Karsten Merker wrote:
[...]
> Hello,
>
> how is booting a self-built kernel handled in this case? I am
> rather new to this topic as I currently do not own any
> secure-boot capable hardware, so maybe I am misunderstanding
> something.
>
> If I understand things
On Wed, Aug 14, 2013 at 12:30:55AM +0200, Ben Hutchings wrote:
> Editing of binary packages is icky, so that's not part of the plan.
> Instead, after dak signs an executable, the package maintainer downloads
> and copies those into a separate 'source' package, which has a trivial
> debian/rules. (
On Tue, 2013-08-13 at 23:38 +0200, Cyril Brulebois wrote:
[...]
> > 4. The kernel team may also need to upload kernel images for signing and
> > add linux-image-signed packages with the Debian-signed kernel images.
> > This is because some quirks in the kernel should be run before calling
> > Exit
Cyril Brulebois wrote:
> (Sorry, I'm new to all this) do you mean (1) the regular linux image
> packages are getting a signature added, and we're using those like we do
> today, or (2) that we'll have additional linux image packages with the
> signatures to be used instead of the usual linux image
Hi,
many thanks for the summary.
Ben Hutchings (2013-08-13):
> Colin Watson and Stefano Rivera talked about how Ubuntu had implemented
> Secure Boot and what they believed were the requirements.
>
> Apparently, the Secure Boot spec requires each stage of the boot code to
> validate signatures o
On Tue, 2013-08-13 at 22:54 +0200, Ben Hutchings wrote:
> Colin Watson and Stefano Rivera talked about how Ubuntu had implemented
> Secure Boot and what they believed were the requirements.
[...]
Sorry, I'm having name confusion here. Who do I really mean?
Ben.
--
Ben Hutchings
Experience is w
Colin Watson and Stefano Rivera talked about how Ubuntu had implemented
Secure Boot and what they believed were the requirements.
Apparently, the Secure Boot spec requires each stage of the boot code to
validate signatures only until ExitBootServices() is called. (At this
point the firmware makes
11 matches
Mail list logo