summaryrefslogtreecommitdiffstats
path: root/wiki/src/blueprint/UEFI_Secure_boot.mdwn
diff options
context:
space:
mode:
author127.0.0.1 <127.0.0.1@web>2019-04-14 03:26:54 +0000
committerIkiWiki <ikiwiki.info>2019-04-14 03:26:54 +0000
commit15423efae682e4d06eb43cc3a5564b36d2336310 (patch)
treef13ae8b8ef7c1c3ddbc1eb5dabac6b74b05ec43f /wiki/src/blueprint/UEFI_Secure_boot.mdwn
parenta44c0ca3517d79baf15b02212d7ca8653ab22d48 (diff)
This reverts commit 45d80bee31850a9fd8f7acf0006ad18fd0af01b6
Diffstat (limited to 'wiki/src/blueprint/UEFI_Secure_boot.mdwn')
-rw-r--r--wiki/src/blueprint/UEFI_Secure_boot.mdwn19
1 files changed, 1 insertions, 18 deletions
diff --git a/wiki/src/blueprint/UEFI_Secure_boot.mdwn b/wiki/src/blueprint/UEFI_Secure_boot.mdwn
index 50337fb..266d323 100644
--- a/wiki/src/blueprint/UEFI_Secure_boot.mdwn
+++ b/wiki/src/blueprint/UEFI_Secure_boot.mdwn
@@ -11,13 +11,7 @@ enabled, without the user having to do _anything_ special about it.
Means: use the shim signed by Microsoft + GRUB2.
We don't support booting on a custom built kernel, so that should be
-relatively easy. Except:
-
-* The kernel won't allow loading an unsigned `aufs` module so we need
- to migrate to `overlayfs` ([[!tails_ticket 8415]]).
-* `overlayfs` does not allow stacking enough layers for our current
- upgrade system, so we need to [[!tails_ticket 15281 desc="stack one
- single SquashFS diff when upgrading"]].
+relatively easy.
Resources
=========
@@ -52,16 +46,5 @@ Resources
by Greg Kroah-Hartman
* Linux Foundation's
[Making UEFI Secure Boot Work With Open Platforms](http://linuxfoundation.org/publications/making-uefi-secure-boot-work-with-open-platforms)
-
-Automated testing
-=================
-
-* The hard(est) part seems to be about how to enroll the signing keys
- into the nvram file. One option is to use `EnrollDefaultKeys.efi`
- from OVMF.
* [Automating Secure Boot Testing](https://www.youtube.com/watch?v=qtyRR-KbXYQ):
how Red Hat does CI for Secure Boot (FOSDEM 2018)
-* <https://wiki.ubuntu.com/UEFI/SecureBoot/Testing>
-* <https://en.opensuse.org/openSUSE:UEFI_Secure_boot_using_qemu-kvm>
-* <https://fedoraproject.org/wiki/Using_UEFI_with_QEMU#Testing_Secureboot_in_a_VM>
-* <https://github.com/puiterwijk/qemu-ovmf-secureboot>