On Tue, Jan 19, 2021 at 10:43 AM Mark Pearson <markpearson@xxxxxxxxxx> wrote:
>
>
> Some background: We need the latest kernel/alsa/pulse/libfprint and
> their dependencies for supporting the new 2021 HW - and as we'll be
> (hopefully) releasing before F34 is available we're looking for
> F33+updates and the best way to provide that in a way that works for the
> community and our preload process.

We need to coordinate a shim update, one that's signed with new world keys (post-BootHole) which doesn't yet exist.

Specifically, if the new hardware will come with UEFI Secure Boot enabled, it will need a preloaded image containing either pre-BootHole revocation database. Shim needs to be updated before the revocation database or the system will not boot.

If this preload image is also going to form the basis for a recovery partition, this is a bigger concern because it'd be rendered unbootable once the revocation database is pushed.

Fedora hasn't decided to push the revocation database automatically, but other distros do so aggressively. Microsoft has thus far delayed pushing the post-BootHole revocation db, but eventually they will sometime this year.

--
Chris Murphy
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx
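Added example, not part of the original message or of any Fedora tooling: one way to check the ordering constraint described above is to parse a revocation database (dbx) and see whether the shim in a preload or recovery image is already listed by hash. It assumes the input is raw EFI_SIGNATURE_LIST bytes (efivarfs files carry a 4-byte attribute prefix that must be stripped first) and that the shim's Authenticode SHA-256 digest was computed elsewhere; `parse_dbx`, `hash_revoked`, `make_esl` and the sample data are hypothetical names and constructed values.

```python
import hashlib
import struct
import uuid

# Signature type GUIDs from the UEFI specification, in on-disk (mixed-endian) form.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328").bytes_le
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le


def parse_dbx(esl: bytes):
    """Return (set of revoked SHA-256 digests, list of revoked X.509 DER blobs)."""
    hashes, certs, off = set(), [], 0
    while off < len(esl):
        if len(esl) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = esl[off:off + 16]
        list_size, hdr_size, sig_size = struct.unpack_from("<III", esl, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(esl) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        body = esl[off + 28 + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature data is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            data = body[i + 16:i + sig_size]  # skip the 16-byte SignatureOwner GUID
            if sig_type == EFI_CERT_SHA256:
                hashes.add(data)
            elif sig_type == EFI_CERT_X509:
                certs.append(data)
        off += list_size
    return hashes, certs


def hash_revoked(authenticode_sha256: bytes, esl: bytes) -> bool:
    """True if this image digest has a hash entry in the given dbx contents."""
    return authenticode_sha256 in parse_dbx(esl)[0]


def make_esl(sig_type: bytes, entries) -> bytes:
    """Build one signature list with a zero owner GUID (constructed test input)."""
    body = b"".join(bytes(16) + e for e in entries)
    return sig_type + struct.pack("<III", 28 + len(body), 0, 16 + len(entries[0])) + body


# Constructed sample values: stand-ins for digests, not real shim hashes or a real dbx.
OLD_SHIM = hashlib.sha256(b"constructed old shim").digest()
NEW_SHIM = hashlib.sha256(b"constructed new shim").digest()
SAMPLE_DBX = (make_esl(EFI_CERT_SHA256, [OLD_SHIM, hashlib.sha256(b"other").digest()])
              + make_esl(EFI_CERT_X509, [b"\x30\x03\x02\x01\x00"]))
```

A hash match only covers per-image revocation; the X.509 entries returned by `parse_dbx` revoke by signer and have to be compared against the shim's signing chain separately.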