On Mon, Aug 22, 2016 at 7:17 PM, Laura Abbott <labbott@xxxxxxxxxx> wrote:
> On 08/22/2016 02:50 PM, Chris Murphy wrote:
>>
>> On Mon, Aug 22, 2016 at 3:14 PM, Laura Abbott <labbott@xxxxxxxxxx> wrote:
>>>
>>> On 08/22/2016 01:16 PM, Chris Murphy wrote:
>>>>
>>>> On Mon, Aug 22, 2016 at 2:08 PM, John Dulaney <jdulaney@xxxxxxx> wrote:
>>>>>
>>>>> On Mon, Aug 22, 2016 at 12:28:18PM -0700, Laura Abbott wrote:
>>>>>>
>>>>>> The secure boot patches have been around in the Fedora tree for a
>>>>>> while now. They work well enough but there has not been much active
>>>>>> work in getting them accepted upstream in recent years. The longer
>>>>>> they exist out of tree the harder they get to maintain without
>>>>>> extra support. If there isn't a path for the current secure boot
>>>>>> patch set to be accepted upstream, we need to seriously consider
>>>>>> if it's worth carrying long term.
>>>>>>
>>>>>> Thoughts?
>>>>>
>>>>> So, how would we handle secure boot moving forward?
>>>>
>>>> How are other distros handling this? Does upstream have an alternative?
>>>>
>>>
>>> There isn't one unified answer. Every distro seems to be doing something
>>> different because upstream hasn't provided a single solution.
>>>
>>> Moving forward, we would treat secure boot like a feature that is still
>>> in progress. This means taking the existing secure boot patches or
>>> a new approach and submitting them in a way that's acceptable to the
>>> upstream community. This is also code for "I don't know but what we
>>> have isn't sustainable so let's discuss something better".
>>
>> Of course.
>>
>> What patch set are Red Hat and CentOS using? If they're not all using
>> the same thing is it viable to get them all using the same thing?
>>
>> I'd think that without an upstream solution that this must be an issue
>> for all the distros supporting Secure Boot in one form or another.
>> Hmm, no schedule yet for Linux Kernel Summit and Linux Plumbers
>> Conference.
>>
>> Without Secure Boot we run up against making dual boot with Windows
>> messier for users, effectively encouraging them to permanently leave
>> it off which possibly opens them up to bootloader malware with their
>> Windows installation. Most users will not flip Secure Boot
>> enabled/disabled when going between Fedora and Windows, they'll just
>> give up and leave it disabled, in my estimation. (I sorta hate dual
>> boot, but that's beside the point.)
>>
>
> Right. Secure boot _is_ an important feature.

Secure Boot is an important feature. I continuously question whether
dual boot really is, but for now I accept it needs to be fairly
bulletproof. And therefore Secure Boot needs to be supported, even if
there were a fully acceptable substitute.

I guess with measured boot, whatever runtime services are available
after ExitBootServices() maybe could still be compromised, which
ostensibly should not be true with Secure Boot? *shrug* so maybe
they're still different things with some overlap (policy-wise anyway).

>> Disregarding the dual boot case, is some form of measured boot a
>> better way forward? I have no idea what the state of hardware is with
>> TPM vs Secure Boot.
>>
>
> There is a TPM microconference happening at Plumbers (I think?).

Dunno, I haven't seen the preliminary stuff and there's no schedule up
for summit or plumbers still.

--
Chris Murphy
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/kernel@xxxxxxxxxxxxxxxxxxxxxxx