On Thu, 2017-06-29 at 10:19 -0400, Peter Jones wrote: > On Wed, Jun 28, 2017 at 06:53:58PM -0700, Adam Williamson wrote: > > There are five proposed blockers. My professional guesstimate *at this > > point* is that at least four of them will probably be rejected, though > > that could change with more data (attention pjones: if #1418360 and > > #1451071 are more serious than they seem to us so far, please do let us > > know). > > They absolutely are: basically Secure Boot doesn't trigger kmod > signature checking, read-only /dev/mem, etc., in the current trees. > This update fixes a grub bug that's triggering that behavior in the > newer kernels, but was not triggering it in the older ones. > > So yes, I very much think these should be blockers. Ah, from the description I thought it was purely an informational thing (just the user couldn't tell whether SB was enabled, but if it was in fact enabled, it was working properly). So basically the appropriate protections aren't put in place when SB is active, making it quite easy to subvert SB? -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
