On Mon, 2015-08-03 at 12:46 +0200, Holger Levsen wrote: > Hi, > > On Montag, 3. August 2015, Ben Hutchings wrote: > > See <https://lists.debian.org/debian-kernel/2013/08/msg00267.html>. > > Thanks. > > That seems to say that a.) only the kernel team can sign kernels, so no user > signed kernels??
Only the FTP team will be able to get shim signed by the Microsoft CA. Only the FTP team will be able to sign GRUB and the kernel using the private key for which the public part is embedded in shim. Users can add further trusted keys at boot time through the BIOS setup program or shim; then they can use their own signed kernels. > and b.) only amd64, while I believe uefi arm mainboards are > there already or will be soon? I don't think they support Secure Boot though. If they do, and if they allow users to change the trusted keys, then we should sign for arm64 as well. Ben. -- Ben Hutchings Unix is many things to many people, but it's never been everything to anybody.
Description: This is a digitally signed message part
_______________________________________________ Reproducible-builds mailing list Reproduciblefirstname.lastname@example.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds