On Fri, Dec 20, 2019 at 03:35:28PM +0100, Perez Yves-Alexis wrote: >Hi, > >could someone from the EFI team review the MR from Luca? > >At ANSSI we are testing hardware acquired for the French administration >for various security requirements [1], one of them beeing that the >secure boot key should be updatable. > >We test this requirement by generating a small PKI and a USB key based >on various efitools/sbsigntool binaries [2]. > >The efitools version currently in Debian has a bug which prevents >updating the platform key on some implementation (for example some >Lenovo ThinkPads with AMD processors [3]). The bug is fixed in 1.9.0+ so >it'd be really nice to include it in Debian (for our use case, but more >generally for all people wanting to update the PK in their machine). > >Thanks in advance!
Hey guys, Apologies, and thanks for mentioning the MR. I hadn't realised that my salsa notifications were turned off. :-( Just looking at things now, sorry for the delay. Arnaud - are you still planning to work on efitools? Steve McIntyre, Cambridge, UK. [email protected] "I used to be the first kid on the block wanting a cranial implant, now I want to be the first with a cranial firewall. " -- Charlie Stross
