On 07/31/2020 11:14 PM, Marcus Meissner wrote:
On Fri, Jul 31, 2020 at 10:30:47PM +0200, mailinglisten@posteo.de wrote:
Am 30.07.20 um 15:10 schrieb Marcus Meissner:
(......) will stay unchanged? Yes, the openSUSE Secure Boot CA will stay unchanged.
Is the new key available for download somewhere? I have my own set of PK/KEK and import such keys usually manually. We still need to generate the new key, we need to wait until the fixed grub2 has been checked into openSUSE:Factory first to avoid having it signed by the new key.
I will send it as reply as soon as its available. Out of curiousity, what toolchain do you use to create/handle secure boot keys? The signing itself is done by the open build service in the background.
sbsigntools and efitools have never been part of any official SUSE repo. Lucky, the author of these tools has his own repo. We use the "pesign" toolset, from here https://github.com/rhboot/pesign
Ars Technica is reporting boot failures after the BootHole patch is installed on Red Hat, CentOS, Ubuntu, Debian and maybe others. https://arstechnica.com/gadgets/2020/07/red-hat-and-centos-systems-arent-boo... Did the openSUSE patch get delayed because of the key id issue mentioned here: https://lists.opensuse.org/opensuse-security/2020-07/msg00001.html Regards, Lew -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org