Bits from the Debian Release Team: release update

Posted Apr 30, 2017 2:23 UTC (Sun) by zlynx (guest, #2285)
In reply to: Bits from the Debian Release Team: release update by jebba
Parent article: Bits from the Debian Release Team: release update

Secure Boot *is* a feature. Some people want it.

I know that we don't need it. I haven't seen anything but some tablet/convertible PCs that actually require it.

Bits from the Debian Release Team: release update

Posted May 1, 2017 14:43 UTC (Mon) by rahvin (guest, #16953) [Link] (3 responses)

Absolutely, end to end signing is possible. This offers some very interesting possibilities for users or businesses that are looking for securely signed code systems. Secure boot is a feature that people will be demanding at some point, and I wouldn't be surprised if that point is already here in security sensitive business. Make no mistake as the tools proliferate and other things like TPM 2.0 get out there we're likely to see these tools expand and gain very useful end user capabilities.

Bits from the Debian Release Team: release update

Posted May 2, 2017 11:44 UTC (Tue) by ballombe (subscriber, #9523) [Link] (2 responses)

You can use secure boot with Debian already.

This is just about Debian installer support for setting up secure boot with the built-in Microsoft key.
This requires a secure infrastructure to sign the debian bootloader etc. which is not available yet.

If you enroll your own key, none of this concern you.

Bits from the Debian Release Team: release update

Posted May 5, 2017 20:06 UTC (Fri) by wx (guest, #103979) [Link] (1 responses)

Are you saying the same infrastructure that's already used to sign Debian packages is now considered insecure? That doesn't sound like good news to me... Care to explain?

Bits from the Debian Release Team: release update

Posted May 6, 2017 2:38 UTC (Sat) by pabs (subscriber, #43278) [Link]

The Debian infrastructure currently only signs things with OpenPGP. It doesn't yet support the type of signing that Secure Boot requires.