Closing old bug - our live media builds have working SB support. I found that the UEFI setup we're using is all driven by live-wrapper rather than the code in vmdebootstrap, which made life much easier.
As vmdebootstrap is basically moribund, probably worth closing 821088 too?

On Fri, Aug 03, 2018 at 11:32:16PM +0800, Ben Hutchings wrote:
>On Fri, 2018-08-03 at 18:12 +0300, Lars Wirzenius wrote:
>> On Fri, 2018-08-03 at 23:03 +0800, Ben Hutchings wrote:
>> > On Fri, 2018-08-03 at 17:50 +0300, Lars Wirzenius wrote:
>> > > On Fri, 2018-08-03 at 21:56 +0800, Ben Hutchings wrote:
>> > > > Since vmdebootstrap is no longer developed, bug #821088 will not be
>> > > > fixed there, but perhaps Secure Boot will be supportable using vmdb2.
>> > > >
>> > > > If vmdb2 allows its users to specify which package(s) to install as
>> > > > boot loaders, then I don't think it needs to do anything specific to
>> > > > support Secure Boot.
>> > > >
>> > > > If vmdb2 has specific logic for installing grub2, #821088 should be
>> > > > reassigned to vmdb2.
>> > >
>> > > I'm afraid I have no idea what's needed, if anything, for vmdb2 to
>> > > support Secure Boot.
>> >
>> > As I understand it, you would need to install grub-efi-$ARCH-signed and
>> > shim-signed, instead of grub-efi-$ARCH.
>>
>> That would be easy enough to do. I'm thinking the uefi could gain a third
>> flavor (currently "bios" and "uefi"): "uefi-secure-boot". The difference
>> with the "uefi" flavour would be packages installed. That would be an easy
>> patch to make (but I have no idea how I'd test it).
>
>You can use QEMU and OVMF as a Secure Boot test system:
>https://www.decadent.org.uk/ben/blog/experiments-with-signed-kernels-and-modules-in-debian.html
>I'm not sure where you should get the Microsoft CA certificate from
>though.
>
>grub-efi-amd64-signed is *not* yet in the archive, though shim-signed
>is.
>
>Ben.
>
>--
>Ben Hutchings
>For every complex problem
>there is a solution that is simple, neat, and wrong.

--
Steve McIntyre, Cambridge, UK.                                st...@einval.com
Into the distance, a ribbon of black
Stretched to the point of no turning back