On Thu, Sep 07, 2017 at 11:50:09PM -0000, bugproxy wrote:
> ------- Comment From l...@us.ibm.com 2017-09-07 19:41 EDT-------
> (In reply to comment #25)
> > Does IBM have any feedback for us regarding the test kernel Andy provided?

> We're planning to test this month.  We'll give feedback as soon as the
> test is completed.  The tentative target will be Sept. 29 or sooner.

> > Can you please clarify if this means you are expecting the db entry to be
> > delivered as an x509 certificate issued by the CA key listed in KEK, or if
> > it should be delivered according to the format defined in the UEFI spec for
> > authenticated variable updates?

> Our team needs to have some discussions before finalizing the expected
> format.  We'll get back to you soon.  Thanks!

Thanks.  Do you have a timeline for when you will have this decision?
While we have procedures in place for signing/revoking keys whenever
necessary in the event of a key compromise, ordinarily this KEK key is not
available for signing.  We have a window when we will be able to do this
signing from September 25 to September 29 and after that we do not have a
window scheduled until next year, so it would be good to know before then
what format you need this signed key matter to be provided in.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1696154

Title:
  [17.10 FEAT] Sign POWER host/NV kernels
