Re: UEFI Secure Boot sprint report

2018-10-02 Thread Hideki Yamane
Hi, > We're still missing (partially or completely): > - generate a signing template for GRUB2 > - have DAK accept those generated source-only uploads Grub2 support was finished, and how about DAK? Currently, what is the blocker for secure boot support? -- Regards, Hideki Yamane henric

Re: UEFI Secure Boot sprint report

2018-06-19 Thread Colin Watson
On Tue, Jun 19, 2018 at 07:50:15AM +0900, Hideki Yamane wrote: > Just a ping question, is there any progress for grub2 package? > If not, what's the blocker for it? I had an email conversation with Philipp Hahn about this. The main substance of my reply was: I can't easily review this as it

Re: UEFI Secure Boot sprint report

2018-06-18 Thread Hideki Yamane
Hi, Just a ping question, is there any progress for grub2 package? If not, what's the blocker for it? On Wed, 16 May 2018 10:05:21 +0200 Philipp Hahn wrote: > Hello, > > On 15.05.2018 at 11:41, Steve McIntyre wrote: > > On Tue, May 15, 2018 at 04:16:22AM +0100, Colin Watson wrote: > >> On Tue

Re: UEFI Secure Boot sprint report

2018-05-16 Thread Ben Hutchings
On Wed, 2018-05-16 at 10:05 +0200, Philipp Hahn wrote: > Hello, > > On 15.05.2018 at 11:41, Steve McIntyre wrote: > > On Tue, May 15, 2018 at 04:16:22AM +0100, Colin Watson wrote: > > > On Tue, May 15, 2018 at 11:46:00AM +0900, Hideki Yamane wrote: > > > > On Tue, 15 May 2018 03:32:26 +0100 Ben Hu

Re: UEFI Secure Boot sprint report

2018-05-16 Thread Philipp Hahn
Hello, On 15.05.2018 at 11:41, Steve McIntyre wrote: > On Tue, May 15, 2018 at 04:16:22AM +0100, Colin Watson wrote: >> On Tue, May 15, 2018 at 11:46:00AM +0900, Hideki Yamane wrote: >>> On Tue, 15 May 2018 03:32:26 +0100 Ben Hutchings >>> wrote: >> The second point (have DAK accept ...) is

Re: UEFI Secure Boot sprint report

2018-05-15 Thread Steve McIntyre
On Tue, May 15, 2018 at 04:16:22AM +0100, Colin Watson wrote: >On Tue, May 15, 2018 at 11:46:00AM +0900, Hideki Yamane wrote: >> On Tue, 15 May 2018 03:32:26 +0100 >> Ben Hutchings wrote: >> > > > The second point (have DAK accept ...) is part of step 7, yes. It >> > > > seems to have been implem

Re: UEFI Secure Boot sprint report

2018-05-14 Thread Colin Watson
On Tue, May 15, 2018 at 11:46:00AM +0900, Hideki Yamane wrote: > On Tue, 15 May 2018 03:32:26 +0100 > Ben Hutchings wrote: > > > > The second point (have DAK accept ...) is part of step 7, yes. It > > > > seems to have been implemented now. > > > > > > Then, remaining blocker is only template f

Re: UEFI Secure Boot sprint report

2018-05-14 Thread Hideki Yamane
Hi, On Tue, 15 May 2018 03:32:26 +0100 Ben Hutchings wrote: > > > The second point (have DAK accept ...) is part of step 7, yes. It > > > seems to have been implemented now. > > > > Then, remaining blocker is only template for GRUB2? > > For testing purposes, I think so. I don't know whether

Re: UEFI Secure Boot sprint report

2018-05-14 Thread Ben Hutchings
On Tue, 2018-05-15 at 11:07 +0900, Hideki Yamane wrote: > Hi, > > Thanks for the clarification, Ben. Very helpful. > > On Mon, 14 May 2018 15:35:50 +0100 > Ben Hutchings wrote: > > The second point (have DAK accept ...) is part of step 7, yes. It > > seems to have been implemented now. > > T

Re: UEFI Secure Boot sprint report

2018-05-14 Thread Hideki Yamane
Hi, Thanks for the clarification, Ben. Very helpful. On Mon, 14 May 2018 15:35:50 +0100 Ben Hutchings wrote: > The second point (have DAK accept ...) is part of step 7, yes. It > seems to have been implemented now. Then, remaining blocker is only template for GRUB2? -- Regards, Hideki Y

Re: Re: UEFI Secure Boot sprint report

2018-05-14 Thread Ben Hutchings
On Mon, 2018-05-14 at 22:05 +0900, Hideki Yamane wrote: > Hi, > > Thanks, your explanation is really helpful. > > > > The signing service is a source package builder. > > It builds source package but its source package is based on built binary > package? > As I understand, signing to binary

Re: Re: UEFI Secure Boot sprint report

2018-05-14 Thread Hideki Yamane
Hi, Thanks, your explanation is really helpful. > The signing service is a source package builder. It builds source package but its source package is based on built binary package? As I understand, signing to binary is necessary step. 1. source package 2. -> upload to dak 3. -> passed to bu

Re: UEFI Secure Boot sprint report

2018-05-13 Thread Tollef Fog Heen
]] Hideki Yamane > Hi, > > > In the end, we decided to have a signing service which will construct > > a source package based on a "template" package and a list of files to > > sign and upload this to be processed by the normal buildd and dak > > processes. The signing service will also have an

Re: UEFI Secure Boot sprint report

2018-05-07 Thread Hideki Yamane
Hi, > In the end, we decided to have a signing service which will construct > a source package based on a "template" package and a list of files to > sign and upload this to be processed by the normal buildd and dak > processes. The signing service will also have an audit log which makes > it publ

Re: UEFI Secure Boot sprint report

2018-04-30 Thread Tollef Fog Heen
]] Ian Jackson > > Once this was agreed and various corner cases ironed out, we started > > implementing the signing service, and the necessary changes in the > > Linux kernel package, dak, fwupdate, shim and grub. The source for the > > signing service can be found at > > https://salsa.debian.or

Re: UEFI Secure Boot sprint report

2018-04-30 Thread Ian Jackson
Tollef Fog Heen writes ("UEFI Secure Boot sprint report"): > In the end, we decided to have a signing service which will construct > a source package based on a "template" package and a list of files to > sign and upload this to be processed by the normal buildd and

UEFI Secure Boot sprint report

2018-04-29 Thread Tollef Fog Heen
People from the FTP team, kernel team and DSA, as well as other interested individuals met in Fulda, Germany for a sprint with the goal of deciding and implementing the workflow for Secure Boot. Participants * Ansgar Burchardt * Joerg Jaspert * Luke W. Faraone * Ben Hutchings * Tolle