Help test initial support for Secure BootOn Sat 02 February 2019 with tags buster installer
Written by Steve McIntyre, Cyril Brulebois
The Debian Installer team is happy to report that the Buster Alpha 5 release of the installer includes some initial support for UEFI Secure Boot (SB) in Debian's installation media.
This support is not yet complete, and we would like to request some help! Please read on for more context and instructions to help us get better coverage and support.
On amd64 machines, by default the Debian installer will now boot (and
install) a signed version of the
shim package as the first stage
boot loader. Shim is the core package in a signed Linux boot chain on
Intel-compatible PCs. It is responsible for validating signatures on
further pieces of the boot process (GRUB and the Linux kernel),
allowing for verification of those pieces. Each of those pieces will
be signed by a Debian production signing key that is baked into the
shim binary itself.
However, for safety during the development phase of Debian's SB support, we have only been using a temporary test key to sign our GRUB and Linux packages. If we made a mistake with key management or trust path verification during this development, this would save us from having to revoke the production key. We plan on switching to the production key soon.
Due to the use of the test key so far, out of the box Debian will not yet install or run with SB enabled; Shim will not validate signatures with the test key and will stop, reporting the problem. This is correct and useful behaviour!
Thus far, Debian users have needed to disable SB before installation to make things work. From now on, with SB still disabled, installation and use should work just the same as previously. Shim simply chain-loads GRUB and continues through the boot chain without checking signatures.
It is possible to enrol more keys on a SB system so that shim will recognise and allow other signatures, and this is how we have been able to test the rest of the boot chain. We now invite more users to give us valuable test coverage on a wider variety of hardware by enrolling our Debian test key and running with SB enabled.
If you want to help us test our Secure Boot support, please follow the instructions in the Debian wiki and provide feedback.
With help from users, we expect to be able to ship fully-working and tested UEFI Secure Boot in an upcoming Debian Installer release and in the main Buster release itself.
"futurePrototype" will be the default theme for Debian 10On Mon 14 January 2019 with tags buster artwork
Written by Laura Arjona Reina, Niels Thykier and Jonathan Carter
Artwork by Alex Makas
The theme "futurePrototype" by Alex Makas has been selected as default theme for Debian 10 'buster'.
After the Debian Desktop Team made the call for proposing themes, a total of eleven choices have been submitted, and any Debian contributor has received the opportunity to vote on them in a survey. We received 3,646 responses ranking the different choices, and futurePrototype has been the winner among them.
We'd like to thank all the designers that have participated providing nice wallpapers and artwork for Debian 10, and encourage everybody interested in this area of Debian, to join the Design Team.
Congratulations, Alex, and thank you very much for your contribution to Debian!
Debian Artwork: Call for Proposals for Debian 10 (Buster)On Sun 17 June 2018 with tags artwork buster cfp debian
Written by Jonathan Carter
This is the official call for artwork proposals for the Buster cycle.
For the most up to date details, please refer to the wiki.
We would also like to take this opportunity to thank Juliette Taka Belin for doing the Softwaves theme for stretch.
The deadlines for submissions is: 2018-09-05
The artwork is usually picked based on which themes look the most:
- ''Debian'': admittedly not the most defined concept, since everyone has their own take on what Debian means to them.
- ''plausible to integrate without patching core software'': as much as we love some of the insanely hot looking themes, some would require heavy GTK+ theming and patching GDM/GNOME.
- ''clean / well designed'': without becoming something that gets annoying to look at a year down the road. Examples of good themes include Joy, Lines and Softwaves.
If you'd like more information, please use the Debian Desktop mailing list.
Page 1 / 1