Am 15.05.2018 um 11:41 schrieb Steve McIntyre:
> On Tue, May 15, 2018 at 04:16:22AM +0100, Colin Watson wrote:
>> On Tue, May 15, 2018 at 11:46:00AM +0900, Hideki Yamane wrote:
>>> On Tue, 15 May 2018 03:32:26 +0100 Ben Hutchings <> 
>>> wrote:
>>>>>> The second point (have DAK accept ...) is part of step 7, yes.  It
>>>>>> seems to have been implemented now.
>>>>>  Then, remaining blocker is only template for GRUB2?
>>>> For testing purposes, I think so.  I don't know whether GRUB implements
>>>> the policy we want at the moment.

@benh: you meat to *only* boot signed stuff and not fall back to
disabling SB before booting an unsigned kernel?
That should be addressed by

>>>  Is there any issue to apply such policy to grub2 package, or just not
>>>  discussed yet?
>> Either nobody's tried to discuss it with me yet or I missed the email.
>> Feel free to (preferably in the form of a patch I can review :-) ).
> At / shortly after the sprint, Philipp (in CC) had patches basically
> ready for grub2, but he seems to have gone quiet. <prod>

I was busy working on our release, which took all my time.
And I'm not subscribed to debian-project.

My last work it at <>.
In the week after the sprint I worked on GRUB2 and got it so far to have
the signed amd64 package - so at the time of writing the sprint report
GRUB2 was already ready.

I haven't yet found time to setup an UEFI-SB test environment to check
that everything works.

I haven't yet tested any other architecture != amd64.

@Colin: Please have a look at said repository above.
What I'm currently unsure about is that amd64 has those ia32 packages as
well - it should work but also untested.
My reading is that those are required for dual booting?


Reply via email to