ACK: Signed module enforcement patches for
Stefan Bader
stefan.bader at canonical.com
Fri Jun 17 09:22:16 UTC 2016
On 16.06.2016 15:49, Tim Gardner wrote:
> These patches in support of
> (https://blueprints.launchpad.net/ubuntu/+spec/foundations-x-installing-unsigned-secureboot)
> have languished on this list since late April. All of the kernels have
> been built and tested by myself and Mathieu Trudel-Lapierre. Andy
> Whitcroft has asserted to me in private that they are difficult to
> review and can only really be tested for functionality. Furthermore,
> this patch set has been released in Xenial in a substantially similar form.
>
> Therefore I propose to apply them for this SRU cycle with the
> enforcement config option disabled. This at least exercises some of the
> more complex code that accesses the UEFI firmware.
>
> git://kernel.ubuntu.com/rtg/ubuntu-trusty.git
> lts-backport-utopic-enforce-signed-modules
> git://kernel.ubuntu.com/rtg/ubuntu-wily.git enforce-signed-modules
> git://kernel.ubuntu.com/rtg/ubuntu-vivid.git enforce-signed-modules
>
> All opposed say Aye.
As said before it is hard to review the effects of the changes for older kernel
and user-space. The changesets look reasonable and related. So I say "nai" lets
go forward based on testing so far and see how things work out.
-Stefan
>
> rtg
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20160617/62d416ba/attachment.sig>
More information about the kernel-team
mailing list