Comment 17 for bug 1696154

Steve Langasek (vorlon) wrote : Re: [Bug 1696154] Comment bridged from LTC Bugzilla

On Thu, Sep 07, 2017 at 11:50:09PM -0000, bugproxy wrote:
> ------- Comment From <email address hidden> 2017-09-07 19:41 EDT-------
> (In reply to comment #25)
> > Does IBM have any feedback for us regarding the test kernel Andy provided?

> We're planning to test this month. We'll give feedback as soon as the
> test is completed. The tentative target will be Sept. 29 or sooner.

> > Can you please clarify if this means you are expecting the db entry to be
> > delivered as an x509 certificate issued by the CA key listed in KEK, or if
> > it should be delivered according to the format defined in the UEFI spec for
> > authenticated variable updates?

> Our team needs to have some discussions before finalizing the expected
> format. We'll get back to you soon. Thanks!

Thanks. Do you have a timeline for when you will have this decision?
While we have procedures in place for signing/revoking keys whenever
necessary in the event of a key compromise, ordinarily this KEK key is not
available for signing. We have a window when we will be able to do this
signing from September 25 to September 29 and after that we do not have a
window scheduled until next year, so it would be good to know before then
what format you need this signed key matter to be provided in.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
<email address hidden>                              <email address hidden>