On 08/30/2013 08:21 AM, Josh Boyer wrote: > Hi All, > > I've been working on rebasing Fedora's secure boot approach to using the > secure_module patches Matthew Garrett posted upstream. Below are the > changes to do this. > > Things to note: > > 1) Most people won't even notice a change as the impacts to userspace > remain the same. > > 2) We're dropping the pekey patches. It's a large chunk of code that is > dead upstream and has no usage within Fedora. > > 3) The kexec patch should likely get reworked to prevent loading, and > that has been noted upstream. > > 4) At some point we'll look at adding support for hibernate likely via > the patches that OpenSUSE has introduced. > > 5) This falls back to using the upstream .modsign_keyring instead of > .system_keyring. The concept of a system keyring is decent, but at the > moment it isn't going anywhere upstream. We can look at switching back > at some point in the future. > > josh Not-sure-if-supposed-to-acked-by: Prarit Bhargava <prarit@xxxxxxxxxx> :) Looks good Josh ... thanks :) P. _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
