On 23.08.2016 13:32, Josh Boyer wrote: > On Tue, Aug 23, 2016 at 7:23 AM, Thorsten Leemhuis <fedora@xxxxxxxxxxxxx> wrote: >> On 22.08.2016 23:14, Laura Abbott wrote: >> >> Hmmm. Is that really a good description of the current situation in this >> context? What patches are we actually talking about? I see about ten in >> git that are related to secure boot; among them are these: >> http://pkgs.fedoraproject.org/cgit/rpms/kernel.git/tree/Add-option-to-automatically-enforce-module-signature.patch >> http://pkgs.fedoraproject.org/cgit/rpms/kernel.git/tree/Add-secure_modules-call.patch >> http://pkgs.fedoraproject.org/cgit/rpms/kernel.git/tree/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch >> http://pkgs.fedoraproject.org/cgit/rpms/kernel.git/tree/Add-sysrq-option-to-disable-secure-boot-mode.patch > There are more. Yeah, I know; guess you missed the "[…] see about ten […]" above. Whatever, that's not why I'm writing this mail. > That was already done once. Yeah, but back then Ubuntu wasn't on board iirc, as they afaics added some of those patches only a few months ago. When 15.10 was released you could still load unsigned modules even when secure boot was enabled; that changed with a kernel update (I was told) and was different in 16.04 from the start. IOW: one more and important player in the field with similar goals. I guess that was one of the points I wanted to make but didn't state clearly enough. > […] > I don't want people to get them impression that it will be simple or > trivial to upstream. +1 Cu, knurd _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/kernel@xxxxxxxxxxxxxxxxxxxxxxx
