Re: F31 Self-Contained Change proposal: Include several modules in the EFI build of Grub2 for security use-cases

Hi all, Change author here. I think that everything is on-track now. Sorry I hadn't seen any of these messages before, there's a newer post over here (https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/L64OGN7XWO7VQEUDKFB3IJ2HYUFTSPFA/) and I hadn't realised that

Re: F31 Self-Contained Change proposal: Include several modules in the EFI build of Grub2 for security use-cases

On Friday, 05 April 2019 at 10:00, Petr Pisar wrote: [...] > What's the point of encrypting /boot? All the executed bits from /boot > (grub, kernel, and initramdisk) are measured by TPM. Thus if somebody > tampers them, root file system decryption that uses TPM will fail. Not everyone has a TPM ch

Re: F31 Self-Contained Change proposal: Include several modules in the EFI build of Grub2 for security use-cases

On Fri, 5 Apr 2019 at 04:01, Petr Pisar wrote: > > > Well, why can't we have LUKS1-encrypted /boot and enter the encryption > > password by hand? That's still better than unencrypted /boot. > > > What's the point of encrypting /boot? All the executed bits from /boot > (grub, kernel, and initramdi

Re: F31 Self-Contained Change proposal: Include several modules in the EFI build of Grub2 for security use-cases

On 2019-04-03, Dominik 'Rathann' Mierzejewski wrote: > On Wednesday, 03 April 2019 at 21:30, Chris Murphy wrote: >> On Wed, Apr 3, 2019 at 2:58 AM Dominik 'Rathann' Mierzejewski >> wrote: >> > >> > On Thursday, 28 March 2019 at 17:30, Ben Cotton wrote: >> > > On Mon, Mar 25, 2019 at 4:12 PM Ben C

Re: F31 Self-Contained Change proposal: Include several modules in the EFI build of Grub2 for security use-cases

On Wednesday, 03 April 2019 at 21:30, Chris Murphy wrote: > On Wed, Apr 3, 2019 at 2:58 AM Dominik 'Rathann' Mierzejewski > wrote: > > > > On Thursday, 28 March 2019 at 17:30, Ben Cotton wrote: > > > On Mon, Mar 25, 2019 at 4:12 PM Ben Cotton wrote: > > > > > > > > https://fedoraproject.org/wiki/

Re: F31 Self-Contained Change proposal: Include several modules in the EFI build of Grub2 for security use-cases

On Wed, Apr 3, 2019 at 2:58 AM Dominik 'Rathann' Mierzejewski wrote: > > On Thursday, 28 March 2019 at 17:30, Ben Cotton wrote: > > On Mon, Mar 25, 2019 at 4:12 PM Ben Cotton wrote: > > > > > > https://fedoraproject.org/wiki/Changes/Include_security_modules_in_efi_Grub2 > > > > > This Change prop

Re: F31 Self-Contained Change proposal: Include several modules in the EFI build of Grub2 for security use-cases

On Thursday, 28 March 2019 at 17:30, Ben Cotton wrote: > On Mon, Mar 25, 2019 at 4:12 PM Ben Cotton wrote: > > > > https://fedoraproject.org/wiki/Changes/Include_security_modules_in_efi_Grub2 > > > This Change proposal is on hold. Too bad. As a long-time SecureBoot user, I was looking forward to

Re: F31 Self-Contained Change proposal: Include several modules in the EFI build of Grub2 for security use-cases

On Mon, Mar 25, 2019 at 4:12 PM Ben Cotton wrote: > > https://fedoraproject.org/wiki/Changes/Include_security_modules_in_efi_Grub2 > This Change proposal is on hold. -- Ben Cotton Fedora Program Manager TZ=America/Indiana/Indianapolis Pronouns: he/him

F31 Self-Contained Change proposal: Include several modules in the EFI build of Grub2 for security use-cases

https://fedoraproject.org/wiki/Changes/Include_security_modules_in_efi_Grub2 == Summary == Include Grub's "verify," "cryptodisk" and "luks" modules (and if necessary, relevant "gcry" modules) in grubx64.efi of the 'grub2-efi-x64' package. == Owner == * Name: [[User:pjones| Peter Jones]] * Email: