Bug 869627

Summary: grub2: does not actually disable external module loading in Secure Boot mode
Product: [Fedora] Fedora Reporter: Florian Weimer <fweimer>
Component: grub2Assignee: Peter Jones <pjones>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: bcl, dcantrell, dennis, mads, pjones
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-10-24 13:39:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 869613    

Description Florian Weimer 2012-10-24 12:41:45 UTC 
When Secure Boot mode is enabled, only the "insmod" command is disabled, the module loading infrastructure in the background is still active.  Loading external modules must be disabled reliably in Secure Boot mode.
Comment 1 Mads Kiilerich 2012-10-24 13:17:25 UTC 
That should be handled by recent changes. Or is the point that it still isn't handled correctly?

Which package version do the comment apply to?
Comment 2 Florian Weimer 2012-10-24 13:33:27 UTC 
(In reply to comment #1)
> That should be handled by recent changes. Or is the point that it still
> isn't handled correctly?
> 
> Which package version do the comment apply to?

This was with grub2-2.00-9.fc18.  The most recent changes should indeed plug this hole.
Comment 3 Mads Kiilerich 2012-10-24 13:36:22 UTC 
So this should be closed again as CURRENTRELEASE / NEXTRELEASE / RAWHIDE?
Comment 4 Florian Weimer 2012-10-24 13:39:41 UTC 
(In reply to comment #3)
> So this should be closed again as CURRENTRELEASE / NEXTRELEASE / RAWHIDE?

Yes, closing.