On Fri, Aug 30, 2013 at 08:58:14AM -0400, Prarit Bhargava wrote: > On 08/30/2013 08:21 AM, Josh Boyer wrote: > > Hi All, > > > > I've been working on rebasing Fedora's secure boot approach to using the > > secure_module patches Matthew Garrett posted upstream. Below are the > > changes to do this. > > > > Things to note: > > > > 1) Most people won't even notice a change as the impacts to userspace > > remain the same. > > > > 2) We're dropping the pekey patches. It's a large chunk of code that is > > dead upstream and has no usage within Fedora. > > > > 3) The kexec patch should likely get reworked to prevent loading, and > > that has been noted upstream. > > > > 4) At some point we'll look at adding support for hibernate likely via > > the patches that OpenSUSE has introduced. > > > > 5) This falls back to using the upstream .modsign_keyring instead of > > .system_keyring. The concept of a system keyring is decent, but at the > > moment it isn't going anywhere upstream. We can look at switching back > > at some point in the future. > > > > josh > > Not-sure-if-supposed-to-acked-by: Prarit Bhargava <prarit@xxxxxxxxxx> Of course. More eyes always welcome. > :) > > Looks good Josh ... thanks :) Thanks. josh _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
