On Mon, 2015-08-03 at 12:46 +0200, Holger Levsen wrote:
> Hi,
> On Montag, 3. August 2015, Ben Hutchings wrote:
> > See <https://lists.debian.org/debian-kernel/2013/08/msg00267.html>.
> Thanks.
> That seems to say that a.) only the kernel team can sign kernels, so no user 
> signed kernels??

Only the FTP team will be able to get shim signed by the Microsoft CA.
Only the FTP team will be able to sign GRUB and the kernel using the
private key for which the public part is embedded in shim.

Users can add further trusted keys at boot time through the BIOS setup
program or shim; then they can use their own signed kernels.

> and b.) only amd64, while I believe uefi arm mainboards are 
> there already or will be soon?

I don't think they support Secure Boot though.  If they do, and if they
allow users to change the trusted keys, then we should sign for arm64
as well.


Ben Hutchings
Unix is many things to many people,
but it's never been everything to anybody.

Attachment: signature.asc
Description: This is a digitally signed message part

Reproducible-builds mailing list

Reply via email to