Bug#821051: Need support for uploading and signing EFI executables

2019-04-14 Thread Ben Hutchings
On Fri, 03 Aug 2018 21:49:19 +0800 Ben Hutchings wrote: > Control: retitle -1 ftp.debian.org: Get signing service running > > At the Secure Boot sprint > a new > architecture for code signing was agreed, and the implementation now >

Bug#821051: Need support for uploading and signing EFI executables

2018-08-03 Thread Ben Hutchings
Control: retitle -1 ftp.debian.org: Get signing service running At the Secure Boot sprint a new architecture for code signing was agreed, and the implementation now exists at . This

Bug#821051: Need support for uploading and signing EFI executables

2016-10-21 Thread Helen Koike
On 2016-10-18 07:34 PM, Ansgar Burchardt wrote: Ben Hutchings writes: On Tue, 2016-10-18 at 22:55 +0200, Ansgar Burchardt wrote: Is there any documentation how this is supposed to work? Nothing comprehensive as yet. Where should it go? It doesn't need to be comprehensive. I just would

Bug#821051: Need support for uploading and signing EFI executables

2016-10-18 Thread Ben Hutchings
On Tue, 2016-10-18 at 23:34 +0200, Ansgar Burchardt wrote: > Ben Hutchings writes: > > On Tue, 2016-10-18 at 22:55 +0200, Ansgar Burchardt wrote: > > > Is there any documentation how this is supposed to work? > > > > > > Nothing comprehensive as yet.  Where should it go? > > > It doesn't need

Bug#821051: Need support for uploading and signing EFI executables

2016-10-18 Thread Julien Cristau
On Tue, Oct 18, 2016 at 22:55:19 +0200, Ansgar Burchardt wrote: > Is there a way to not pass the pin via command-line arguments as > currently implemented in [1]? > Linux's sign-file, which is used for kernel modules, reads the KBUILD_SIGN_PIN environment variable. Cheers, Julien

Bug#821051: Need support for uploading and signing EFI executables

2016-10-18 Thread Ansgar Burchardt
Ben Hutchings writes: > On Tue, 2016-10-18 at 22:55 +0200, Ansgar Burchardt wrote: >> Is there any documentation how this is supposed to work? > > Nothing comprehensive as yet. Where should it go? It doesn't need to be comprehensive. I just would like to understand what needs to happen. >>

Bug#821051: Need support for uploading and signing EFI executables

2016-10-18 Thread Ben Hutchings
On Tue, 2016-10-18 at 22:55 +0200, Ansgar Burchardt wrote: > Steve McIntyre writes: > > As discussed with various people in the past, for UEFI Secure Boot to > > work we'll need changes in dak (and elsewhere?) to support upload and > > signing of EFI executables. > > > > Colin has pointed at the

Bug#821051: Need support for uploading and signing EFI executables

2016-10-18 Thread Ansgar Burchardt
Steve McIntyre writes: > As discussed with various people in the past, for UEFI Secure Boot to > work we'll need changes in dak (and elsewhere?) to support upload and > signing of EFI executables. > > Colin has pointed at the code in launchpad as inspiration: > >

Bug#821051: Need support for uploading and signing EFI executables

2016-04-14 Thread Steve McIntyre
Package: ftp.debian.org Control: block 820036 with -1 Hi folks, As discussed with various people in the past, for UEFI Secure Boot to work we'll need changes in dak (and elsewhere?) to support upload and signing of EFI executables. Colin has pointed at the code in launchpad as inspiration: