Hi, Just a ping question, is there any progress for grub2 package? If not, what's the blocker for it?
On Wed, 16 May 2018 10:05:21 +0200 Philipp Hahn <[email protected]> wrote: > Moin, > > Am 15.05.2018 um 11:41 schrieb Steve McIntyre: > > On Tue, May 15, 2018 at 04:16:22AM +0100, Colin Watson wrote: > >> On Tue, May 15, 2018 at 11:46:00AM +0900, Hideki Yamane wrote: > >>> On Tue, 15 May 2018 03:32:26 +0100 Ben Hutchings <[email protected]> > >>> wrote: > >>>>>> The second point (have DAK accept ...) is part of step 7, yes. It > >>>>>> seems to have been implemented now. > >>>>> > >>>>> Then, remaining blocker is only template for GRUB2? > >>>> > >>>> For testing purposes, I think so. I don't know whether GRUB implements > >>>> the policy we want at the moment. > > @benh: you meat to *only* boot signed stuff and not fall back to > disabling SB before booting an unsigned kernel? > That should be addressed by > <https://salsa.debian.org/pmhahn/grub/commit/fe06193ff5a36ee6aa6a6cab12f4651b6290d91b> > > >>> Is there any issue to apply such policy to grub2 package, or just not > >>> discussed yet? > >> > >> Either nobody's tried to discuss it with me yet or I missed the email. > >> Feel free to (preferably in the form of a patch I can review :-) ). > > > > At / shortly after the sprint, Philipp (in CC) had patches basically > > ready for grub2, but he seems to have gone quiet. <prod> > > I was busy working on our release, which took all my time. > And I'm not subscribed to debian-project. > > My last work it at <https://salsa.debian.org/pmhahn/grub/tree/signing>. > In the week after the sprint I worked on GRUB2 and got it so far to have > the signed amd64 package - so at the time of writing the sprint report > GRUB2 was already ready. > > I haven't yet found time to setup an UEFI-SB test environment to check > that everything works. > > I haven't yet tested any other architecture != amd64. > > @Colin: Please have a look at said repository above. > What I'm currently unsure about is that amd64 has those ia32 packages as > well - it should work but also untested. > My reading is that those are required for dual booting? > > Philipp -- Regards, Hideki Yamane henrich @ debian.org/iijmio-mail.jp
