Hi,

could someone from the EFI team review the MR from Luca?

At ANSSI we are testing hardware acquired for the French administration
for various security requirements [1], one of them being that the
secure boot key should be updatable.

We test this requirement by generating a small PKI and a USB key based
on various efitools/sbsigntool binaries [2].

The efitools version currently in Debian has a bug which prevents
updating the platform key on some implementations (for example some
Lenovo ThinkPads with AMD processors [3]). The bug is fixed in 1.9.0+ so
it'd be really nice to include it in Debian (for our use case, but more
generally for all people wanting to update the PK in their machine).

Thanks in advance!

[1] https://www.ssi.gouv.fr/en/guide/hardware-security-requirements-for-x86-platforms/
[2] https://github.com/ANSSI-FR/chipsec-check/tree/master/tools
[3] https://forums.lenovo.com/t5/ThinkPad-11e-Windows-13-E-and/Cannot-install-custom-secure-boot-PK-platform-key/td-p/4318378
[4] https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git/commit/?id=e57bafc268511ad54598627b663a7ae86bd856f5
--
Yves-Alexis Perez
ANSSI/SDE/ST/LAM