public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed
* [Bug translator/28788] New: consider low-security secureboot mode
@ 2022-01-17 18:56 fche at redhat dot com
  2022-01-17 20:50 ` [Bug translator/28788] consider low-security stap-server-less " fche at redhat dot com
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: fche at redhat dot com @ 2022-01-17 18:56 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=28788

            Bug ID: 28788
           Summary: consider low-security secureboot mode
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: translator
          Assignee: systemtap at sourceware dot org
          Reporter: fche at redhat dot com
  Target Milestone: ---

It seems like many folks running secureboot machines who also wish to run stap
lkm scripts find the stap-server based signing machinery onerous - and its
extra security unnecessary.  We should investigate a stap command line option
where it performs module signing / mok stuff in a self-sufficient manner.

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug translator/28788] consider low-security stap-server-less secureboot mode
  2022-01-17 18:56 [Bug translator/28788] New: consider low-security secureboot mode fche at redhat dot com
@ 2022-01-17 20:50 ` fche at redhat dot com
  2022-01-18 12:36 ` fweimer at redhat dot com
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: fche at redhat dot com @ 2022-01-17 20:50 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=28788

Frank Ch. Eigler <fche at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|consider low-security       |consider low-security
                   |secureboot mode             |stap-server-less secureboot
                   |                            |mode

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug translator/28788] consider low-security stap-server-less secureboot mode
  2022-01-17 18:56 [Bug translator/28788] New: consider low-security secureboot mode fche at redhat dot com
  2022-01-17 20:50 ` [Bug translator/28788] consider low-security stap-server-less " fche at redhat dot com
@ 2022-01-18 12:36 ` fweimer at redhat dot com
  2022-04-25 18:16 ` scox at redhat dot com
  2022-04-25 18:18 ` scox at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2022-01-18 12:36 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=28788

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug translator/28788] consider low-security stap-server-less secureboot mode
  2022-01-17 18:56 [Bug translator/28788] New: consider low-security secureboot mode fche at redhat dot com
  2022-01-17 20:50 ` [Bug translator/28788] consider low-security stap-server-less " fche at redhat dot com
  2022-01-18 12:36 ` fweimer at redhat dot com
@ 2022-04-25 18:16 ` scox at redhat dot com
  2022-04-25 18:18 ` scox at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: scox at redhat dot com @ 2022-04-25 18:16 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=28788

Stan Cox <scox at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |scox at redhat dot com

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug translator/28788] consider low-security stap-server-less secureboot mode
  2022-01-17 18:56 [Bug translator/28788] New: consider low-security secureboot mode fche at redhat dot com
                   ` (2 preceding siblings ...)
  2022-04-25 18:16 ` scox at redhat dot com
@ 2022-04-25 18:18 ` scox at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: scox at redhat dot com @ 2022-04-25 18:18 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=28788

Stan Cox <scox at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Stan Cox <scox at redhat dot com> ---
42be330a7 - Have the stap server mok sign modules using stap --sign-module=PATH
2f228e21b - Add --sign-module to enable users to mok sign their own modules

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2022-04-25 18:18 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-17 18:56 [Bug translator/28788] New: consider low-security secureboot mode fche at redhat dot com
2022-01-17 20:50 ` [Bug translator/28788] consider low-security stap-server-less " fche at redhat dot com
2022-01-18 12:36 ` fweimer at redhat dot com
2022-04-25 18:16 ` scox at redhat dot com
2022-04-25 18:18 ` scox at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).