Merge ~gavin.lin/plainbox-provider-checkbox:dbx-test into plainbox-provider-checkbox:master
Proposed by
Gavin Lin
Status: | Work in progress |
---|---|
Proposed branch: | ~gavin.lin/plainbox-provider-checkbox:dbx-test |
Merge into: | plainbox-provider-checkbox:master |
Diff against target: |
38 lines (+20/-0) 3 files modified
units/cve/category.pxu (+3/-0) units/cve/cve-2020-10713.pxu (+10/-0) units/cve/test-plan.pxu (+7/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Jonathan Cave (community) | Needs Fixing | ||
Review via email: mp+390182@code.launchpad.net |
Commit message
Add test to check secure boot dbx for CVE-2020-10713.
To post a comment you must log in.
I'm not too sure if this really represents a test of the CVE itself which if understand correctly was a vulnerability in GRUB.
It appears that this test makes sure that a particular signature is no longer trusted when enforcing secure boot? I think it would help to make the descriptions a little more clear on that.
It may also make sense to try and limit this job to running only on systems that use the grub bootloader and have secure boot enabled via requires fields.