On Fri, Aug 30, 2013 at 08:21:28AM -0400, Josh Boyer wrote:
> I've been working on rebasing Fedora's secure boot approach to using the
> secure_module patches Matthew Garrett posted upstream. Below are the
> changes to do this.
>
> Things to note:
>
> 1) Most people won't even notice a change as the impacts to userspace
> remain the same.
>
> 2) We're dropping the pekey patches. It's a large chunk of code that is
> dead upstream and has no usage within Fedora.
>
> 3) The kexec patch should likely get reworked to prevent loading, and
> that has been noted upstream.
>
> 4) At some point we'll look at adding support for hibernate likely via
> the patches that OpenSUSE has introduced.
>
> 5) This falls back to using the upstream .modsign_keyring instead of
> .system_keyring. The concept of a system keyring is decent, but at the
> moment it isn't going anywhere upstream. We can look at switching back
> at some point in the future.
>

ACK or something. ;-)