Bug#906124: Additional debug info

Colin Watson cjwatson at debian.org
Mon Jul 8 14:57:08 BST 2019


On Mon, Jul 08, 2019 at 03:24:44PM +0300, Vladislav Yarmak wrote:
> First, I should explain why I consider a setup with one's own EFI keys
> and PGP signatures not as an exotic configuration but, rather, as the
> only feasible use of Secure Boot.

Be all that as it may, since it requires a fair amount of work on the
user's side, it cannot be expected to be the common case at the moment.

> In the end, this Debian patch to grub contributes to a false security
> approach and cuts the user off from normal use of GRUB functionality.
> It's clearly a security issue. If no proper solution has appeared a year
> afterwards, it is probably worth considering a rollback of this patch.
> So I'm eager to ask: are there any specific plans about this bug?

I'm not aware of anyone working on it at the moment.  I won't directly
revert the patch that introduced this problem because doing so would
have too much other fallout, but I'd be happy to help you if you're
interested in working on a patch to make GRUB behave differently in the
presence of check_signatures while preserving the current default
workflow.

-- 
Colin Watson                                       [cjwatson at debian.org]



More information about the Pkg-grub-devel mailing list