-
Notifications
You must be signed in to change notification settings - Fork 294
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix SBAT.md for today's consensus about numbers #672
Fix SBAT.md for today's consensus about numbers #672
Conversation
As per rhboot#634, the current consensus seems to be for generation numbers to only ever go up and not get reset. This has been clarified and an example related to this behavior has been described. Signed-off-by: Kamil Aronowski <[email protected]>
SBAT.md
Outdated
In the perfect scenario, to provide the perfect security, the UEFI SBAT | ||
revocation variable (named *SbatLevel*) would then be set, so that GRUB with a | ||
global generation number of only 4 or higher would be able to be booted. (In | ||
reality there's naturally going to be a certain grace period) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think you need to emphasise the "perfect security" etc. so much here. Maybe just:
After this, the UEFI SBAT revocation variable (named SbatLevel) would be updated to raise the minimum global generation number for GRUB to 4.
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about "[...] to raise the mandatory minimal global generation number [...]", putting an emphasis on the "must" in "from this point in time it must be 4 or higher"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few suggested changes, otherwise looks good!
Signed-off-by: Kamil Aronowski <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, I think!
As per #634, the current consensus seems to be for generation numbers to only ever go up and not get reset. This has been clarified and an example related to this behavior has been described.