On 18/05/2024 10:26, Eric Valette wrote:
Thanks for the updated package.
What remains not so clear for me is:
1) Why do you publish other package that are parts of the same
source code until shim-signed did pass the 5) step and have step 6),
2) Why shim-helpers-amd64-signed does not depend on shim-signed
instead of shim-unsigned.
At least you do not answer to 2) above
dpkg -s shim-helpers-amd64-signed
Package: shim-helpers-amd64-signed
Status: install ok installed
Priority: optional
Section: admin
Installed-Size: 933
Maintainer: Debian EFI team <debian-...@lists.debian.org>
Architecture: amd64
Version: 1+15.8+1
Replaces: shim (<< 15+1533136590.3beb971-3~), shim-signed (<< 1.29)
Depends: shim-unsigned (>= 15.8-1)
Breaks: shim-signed (<< 1.29)
Conflicts: shim (<< 15+1533136590.3beb971-3~)
Description: boot loader to chain-load signed boot loaders (signed by
Debian)
This package provides a minimalist boot loader which allows verifying
signatures of other UEFI binaries against either the Secure Boot DB/DBX or
against a built-in signature database. Its purpose is to allow a small,
infrequently-changing binary to be signed by the UEFI CA, while allowing
an OS distributor to revision their main bootloader independently of
the CA.
.
This package contains the MOK manager and fall-back manager signed by the
Debian UEFI CA to be used by shim-signed.
Built-Using: shim (= 15.8-1)
--
Eric Valette
