Secure Boot support for Live CDs

Registered by Jeremy Kerr on 2011-09-26

Discussion on Live CD/USB integration with Secure Boot. Will we need to create signed images? How will we maintain user-modifiability? Can we avoiding signed images?

Blueprint information

Status:
Not started
Approver:
Jeremy Kerr
Priority:
Undefined
Drafter:
Jeremy Kerr
Direction:
Approved
Assignee:
None
Definition:
New
Series goal:
Accepted for precise
Implementation:
Unknown
Milestone target:
milestone icon ubuntu-12.04

Related branches

Sprints

Whiteboard

GPLv3 compliance: user must be able to perform equivalent signing

Work items:
signing tool (being worked on by Red Hat)
new custom upload method in Launchpad (dpkg-distaddfile grub.efi, signed by LP publisher, publish to somewhere under dists/)
grub-efi-amd64-presigned package to download and install signed grub.efi
[mjg59] send jk-ozlabs notes on taking machine out of setup code
[jk-ozlabs] fix kernel to support installing keys from setup code
[jk-ozlabs] grub-installer code to take machine out of setup mode by installing keys

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.