Bug 1181568

Summary: UEFI Secure Boot Blacklist Updates
Product: [Fedora] Fedora Reporter: Jaroslav Reznik <jreznik>
Component: Changes TrackingAssignee: Jaroslav Reznik <jreznik>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact: Pete Travis <me>
Priority: unspecified    
Version: 22CC: me, pjones
Target Milestone: ---Keywords: Tracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: ChangeAcceptedF22 SystemWideChange
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-21 10:28:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jaroslav Reznik 2015-01-13 11:38:32 UTC 
This is a tracking bug for Change: UEFI Secure Boot Blacklist Updates
For more details, see: https://fedoraproject.org//wiki/Changes/UEFISecureBootBlacklistUpdates

Currently our implementation of UEFI Secure Boot does not include a facility to apply blacklist ("dbx") updates enabled by default.  We provide a utility, dbxtool, which uses a systemd service to apply updates, and when there are updates we update that package with the new data.  dbxtool is currently not installed on UEFI machines by default, and when it is installed, its systemd service does not default to enabled.
Comment 1 Jaroslav Reznik 2015-02-20 10:01:41 UTC 
This message is a reminder that Fedora 22 Change Checkpoint: Completion deadline (testable) is on 2015-02-24 [1].

At this point, all accepted Changes should be substantially complete, and testable. Additionally, if a change is to be enabled by default, it must be so enabled at Change Completion deadline.

This bug should be set at least to the MODIFIED state to indicate that it achieved completeness. Status will be provided to FESCo right after the deadline. If, for any reasons, your Change is not in required state, let me know and we will try to find solution. Fedora 22 is going to be strictly time based release. For Changes you decide to cancel/move to the next release, please use the NEW status and set needinfo on me and it will be acted upon. 

In case of any questions, don't hesitate to ask Wrangler (jreznik). Thank you.

[1] https://fedoraproject.org/wiki/Releases/22/Schedule
Comment 2 Peter Jones 2015-02-23 16:30:02 UTC 
I believe as of systemd-219-3.fc22 , dbxtool-0.6-4.fc22 , and shim-signed-0.8-8 this should be finished.
Comment 3 Jaroslav Reznik 2015-03-24 11:41:39 UTC 
This message is a reminder that Fedora 22 "Change Checkpoint: 100% Code Complete Deadline" is on 2015-03-31 [1].

All Accepted Changes has to be code complete and ready to be validated in the Beta release (optionally by Fedora QA). Required bug state at this point is ON_QA.

As for several System Wide Changes, Beta Freeze is a point of contingency plan, all incomplete Changes will be reported to FESCo for 2015-04-01 meeting. In case of any questions, don't hesitate to ask Wrangler (jreznik).

[1] https://fedoraproject.org/wiki/Releases/22/Schedule
Comment 4 Jaroslav Reznik 2015-03-30 14:23:14 UTC 
Based on comment #2, moving to ON_QA.