[Merge] ~ubuntu-core-dev/shim/+git/shim-signed:self-signed into ~ubuntu-core-dev/shim/+git/shim-signed:master
Mathieu Trudel-Lapierre
mathieu.tl at gmail.com
Wed Apr 18 15:22:37 UTC 2018
Diff comments:
> diff --git a/debian/templates b/debian/templates
> index 604cda1..7fe3ac5 100644
> --- a/debian/templates
> +++ b/debian/templates
> @@ -8,39 +8,36 @@ _Description: Invalid password
> The Secure Boot key you've entered is not valid. The password used must be
> between 8 and 16 characters.
>
> -Template: shim/disable_secureboot
> -Type: boolean
> -Default: true
> -_Description: Disable UEFI Secure Boot?
> - If Secure Boot remains enabled on your system, your system may still boot but
> - any hardware that requires third-party drivers to work correctly may not be
> - usable.
> -
> Template: shim/enable_secureboot
> Type: boolean
> Default: false
> -_Description: Enable UEFI Secure Boot?
> - If Secure Boot is enabled on your system, your system may still boot but
> - any hardware that requires third-party drivers to work correctly may not be
> - usable.
> +_Description: Enroll a new Machine-Owner Key?
> + A new Machine-Owner key has been used to sign drivers. This key now needs to
> + be enrolled in your firmware, which will be done at the next reboot.
> + .
> + If Secure Boot validation was previously disabled on your system, validation
> + will also be re-enabled as part of this key enrollment process.
>
> Template: shim/secureboot_explanation
> Type: note
> _Description: Your system has UEFI Secure Boot enabled.
> - UEFI Secure Boot is not compatible with the use of third-party drivers.
> + UEFI Secure Boot requires additional configuration to work with third-party
> + drivers.
> .
> - The system will assist you in toggling UEFI Secure Boot. To ensure that this
> - change is being made by you as an authorized user, and not by an attacker,
> - you must choose a password now and then use the same password after reboot
> - to confirm the change.
> + The system will assist you in configuring UEFI Secure Boot. To permit the
> + use of the third-party drivers that are currently installed, a new
Reworded.
> + Machine-Owner Key (MOK) has been used to sign these drivers. This key now
> + needs to be enrolled in your system's firmware.
> .
> - If you choose to proceed but do not confirm the password upon reboot, Ubuntu
> - will still be able to boot on your system but the Secure Boot state will not
> - be changed.
> + To ensure that this change is being made by you as an authorized user, and
> + not by an attacker, you must choose a password now and then confirm the
> + change after reboot using the same password, in both the "Enroll MOK" and
> + "Change Secure Boot state" menus that will be presented to you when this
> + system reboots.
> .
> - If Secure Boot remains enabled on your system, your system may still boot but
> - any hardware that requires third-party drivers to work correctly may not be
> - usable.
> + If you proceed but do not confirm the password upon reboot, Ubuntu
> + will still be able to boot on your system but any hardware that requires
> + third-party drivers to work correctly may not be usable.
>
> Template: shim/secureboot_key
> Type: string
--
https://code.launchpad.net/~ubuntu-core-dev/shim/+git/shim-signed/+merge/337571
Your team Ubuntu Core Development Team is subscribed to branch ~ubuntu-core-dev/shim/+git/shim-signed:master.
More information about the Ubuntu-reviews
mailing list