summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2019-04-13 07:35:59 +0000
committerintrigeri <intrigeri@boum.org>2019-04-13 07:35:59 +0000
commit45d80bee31850a9fd8f7acf0006ad18fd0af01b6 (patch)
treef47b5a818d16d0002516a8ff5b0b3d3f216c5741
parent43d5aae078b5b5441ac9b02fa3d795240c948a55 (diff)
Revert spam.
-rw-r--r--wiki/src/blueprint/UEFI_Secure_boot.mdwn19
-rw-r--r--wiki/src/blueprint/monthly_report.mdwn4
-rw-r--r--wiki/src/blueprint/monthly_report/report_2019_03.mdwn6
-rw-r--r--wiki/src/blueprint/veracrypt/build-gnome-shell.mdwn1
4 files changed, 23 insertions, 7 deletions
diff --git a/wiki/src/blueprint/UEFI_Secure_boot.mdwn b/wiki/src/blueprint/UEFI_Secure_boot.mdwn
index 266d323..50337fb 100644
--- a/wiki/src/blueprint/UEFI_Secure_boot.mdwn
+++ b/wiki/src/blueprint/UEFI_Secure_boot.mdwn
@@ -11,7 +11,13 @@ enabled, without the user having to do _anything_ special about it.
Means: use the shim signed by Microsoft + GRUB2.
We don't support booting on a custom built kernel, so that should be
-relatively easy.
+relatively easy. Except:
+
+* The kernel won't allow loading an unsigned `aufs` module so we need
+ to migrate to `overlayfs` ([[!tails_ticket 8415]]).
+* `overlayfs` does not allow stacking enough layers for our current
+ upgrade system, so we need to [[!tails_ticket 15281 desc="stack one
+ single SquashFS diff when upgrading"]].
Resources
=========
@@ -46,5 +52,16 @@ Resources
by Greg Kroah-Hartman
* Linux Foundation's
[Making UEFI Secure Boot Work With Open Platforms](http://linuxfoundation.org/publications/making-uefi-secure-boot-work-with-open-platforms)
+
+Automated testing
+=================
+
+* The hard(est) part seems to be about how to enroll the signing keys
+ into the nvram file. One option is to use `EnrollDefaultKeys.efi`
+ from OVMF.
* [Automating Secure Boot Testing](https://www.youtube.com/watch?v=qtyRR-KbXYQ):
how Red Hat does CI for Secure Boot (FOSDEM 2018)
+* <https://wiki.ubuntu.com/UEFI/SecureBoot/Testing>
+* <https://en.opensuse.org/openSUSE:UEFI_Secure_boot_using_qemu-kvm>
+* <https://fedoraproject.org/wiki/Using_UEFI_with_QEMU#Testing_Secureboot_in_a_VM>
+* <https://github.com/puiterwijk/qemu-ovmf-secureboot>
diff --git a/wiki/src/blueprint/monthly_report.mdwn b/wiki/src/blueprint/monthly_report.mdwn
index 9b5bca8..a00a080 100644
--- a/wiki/src/blueprint/monthly_report.mdwn
+++ b/wiki/src/blueprint/monthly_report.mdwn
@@ -19,8 +19,8 @@ beginning of May.
- December 2018: spriver
- January 2019: emmapeel
- February 2019: intrigeri
- - March 2019: TheNerdyAnarchist
- - April 2019:
+ - March 2019: TheNerdyAnarchist & emmapeel
+ - April 2019: sajolida
- May 2019:
- June 2019:
- July 2019: u
diff --git a/wiki/src/blueprint/monthly_report/report_2019_03.mdwn b/wiki/src/blueprint/monthly_report/report_2019_03.mdwn
index 9c2653f..4faf8d5 100644
--- a/wiki/src/blueprint/monthly_report/report_2019_03.mdwn
+++ b/wiki/src/blueprint/monthly_report/report_2019_03.mdwn
@@ -98,13 +98,11 @@ User experience
Hot topics on our help desk
===========================
-XXX: Ask tails-bugs@boum.org to list hot topics for the last month.
-1.
+1. there were several users reporting [[!tails_ticket 14754]]
-1.
+1. and there are still some people affected by [[!tails_ticket 10976]]
-1.
Infrastructure
==============
diff --git a/wiki/src/blueprint/veracrypt/build-gnome-shell.mdwn b/wiki/src/blueprint/veracrypt/build-gnome-shell.mdwn
index eb39298..80214b1 100644
--- a/wiki/src/blueprint/veracrypt/build-gnome-shell.mdwn
+++ b/wiki/src/blueprint/veracrypt/build-gnome-shell.mdwn
@@ -20,6 +20,7 @@
* clone upstream git
git clone https://gitlab.gnome.org/GNOME/gnome-shell.git gnome-shell-git
+ git submodule update --init
* disable upstream VCS tag checking