[Acked] Signed module enforcement patches for
Andy Whitcroft
apw at canonical.com
Fri Jun 17 07:26:45 UTC 2016
On Thu, Jun 16, 2016 at 04:49:35PM +0300, Tim Gardner wrote:
> These patches in support of
> (https://blueprints.launchpad.net/ubuntu/+spec/foundations-x-installing-unsigned-secureboot)
> have languished on this list since late April. All of the kernels have
> been built and tested by myself and Mathieu Trudel-Lapierre. Andy
> Whitcroft has asserted to me in private that they are difficult to
> review and can only really be tested for functionality. Furthermore,
> this patch set has been released in Xenial in a substantially similar form.
>
> Therefore I propose to apply them for this SRU cycle with the
> enforcement config option disabled. This at least exercises some of the
> more complex code that accesses the UEFI firmware.
>
> git://kernel.ubuntu.com/rtg/ubuntu-trusty.git
> lts-backport-utopic-enforce-signed-modules
> git://kernel.ubuntu.com/rtg/ubuntu-wily.git enforce-signed-modules
> git://kernel.ubuntu.com/rtg/ubuntu-vivid.git enforce-signed-modules
>
> All opposed say Aye.
I have reviewed the branches and they appear consistent and to intend to
bring all branches to a consistent level. The patches in the main are
simple and cherry-picks other than some of the scaffolding. The overall
set is large but seems reasonable in each case. As this is pretty
difficult to confirm completeness of scaffolding we should be relying on
functional testing in secure and non-secure boot environments.
Overall for all of these branches:
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw
More information about the kernel-team
mailing list