On Thu, 2017-06-29 at 10:19 -0400, Peter Jones wrote:
> On Wed, Jun 28, 2017 at 06:53:58PM -0700, Adam Williamson wrote:
> > There are five proposed blockers. My professional guesstimate *at this
> > point* is that at least four of them will probably be rejected, though
> > that could change with more data (attention pjones: if #1418360 and
> > #1451071 are more serious than they seem to us so far, please do let us
>
> They absolutely are: basically Secure Boot doesn't trigger kmod
> signature checking, read-only /dev/mem, etc., in the current trees.
> This update fixes a grub bug that's triggering that behavior in the
> newer kernels, but was not triggering it in the older ones.
> So yes, I very much think these should be blockers.

Ah, from the description I thought it was purely an informational thing
(just the user couldn't tell whether SB was enabled, but if it was in
fact enabled, it was working properly). So basically the appropriate
protections aren't put in place when SB is active, making it quite easy
to subvert SB?
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net