Your message dated Thu, 2 May 2019 22:49:49 +0200
with message-id <[email protected]>
and subject line Re: Bug#925971: release-notes: should mention secure boot in
d-i
has caused the Debian Bug report #925971,
regarding release-notes: should mention secure boot in d-i
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
925971: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925971
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release-notes
X-Debbugs-CC: [email protected]
As now discussion on the RT sprint, the release notes should probably
say something about the work on secure boot.
I wouldn't know what to put in, so proposals are welcome. Until that
time, I file this bug to not forget.
Paul
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Hi Ben, Holger,
On 22-04-2019 00:25, Ben Hutchings wrote:
> On Fri, 2019-03-29 at 16:45 +0100, Paul Gevers wrote:
>> Package: release-notes
>> X-Debbugs-CC: [email protected]
>>
>> As now discussion on the RT sprint, the release notes should probably
>> say something about the work on secure boot.
>>
>> I wouldn't know what to put in, so proposals are welcome. Until that
>> time, I file this bug to not forget.
>
> I don't have a complete proposed text, but I think the key points to
> include are:
>
> * Secure Boot is a feature enabled on most PCs that prevents loading
> unsigned code, protecting against some kinds of bootkit and rootkit.
>
> * Debian can now be installed and run on most PCs with Secure Boot
> enabled.
>
> * It is possible to enable Secure Boot on a system that has an existing
> Debian installation, if it already boots using UEFI. Before doing
> this, it's necessary to install shim-signed, grub-efi-amd64-signed or
> grub-efi-ia32-signed, and a Linux kernel package from buster.
>
> * Some features of GRUB and Linux are restricted in Secure Boot mode,
> to prevent modifications to their code.
>
> * More information can be found on the Debian wiki at
> <https://wiki.debian.org/SecureBoot>.
For now (I do expect improvements after review, but didn't want to
wait), I have basically committed the text above:
https://salsa.debian.org/ddp-team/release-notes/commit/90a9a34
as well as applied more or less the update proposed by Holger:
https://salsa.debian.org/ddp-team/release-notes/commit/f112557
Thanks
Paul
signature.asc
Description: OpenPGP digital signature
--- End Message ---
