| 28 Jul 2022 |
raitobezarius | I will be working on this in 2-3 days FWIW | 16:04:23 |
Mic92 | In reply to @raitobezarius:matrix.org: "Well, there is the bootspec-secureboot project" Thanks | 16:26:51 |
Mic92 | Is there a place to follow the progress of this? | 16:27:09 |
@grahamc:nixos.org | I've been using bootspec-secureboot for some time now to good effect, and I think raito is going to be doing more work there | 18:06:07 |
| 4 Sep 2022 |
raitobezarius | https://github.com/NixOS/nixpkgs/pull/189676 | 13:31:03 |
| 5 Sep 2022 |
@grahamc:nixos.org | attempt #3 :x | 01:22:12 |
| 14 Sep 2022 |
ElvishJerricco | Zhaofeng Li: So moving over here because it seems more relevant: That patch doesn't seem to apply to NixOS. Based on the "Loaded initrd from command line option" message you see when booting with systemd-boot, that code path in that patch doesn't seem to measure the initrd | 23:28:25 |
ElvishJerricco | which is odd. I dunno why you'd only measure one of those two branches. Either it's measured elsewhere or this is a kernel bug | 23:30:45 |
ElvishJerricco | Though honestly I guess it doesn't matter. The attacker can always override the cmdline if you're not using a UKI anyway. So UKI it is | 23:53:37 |
| 15 Sep 2022 |
Zhaofeng Li | In reply to @elvishjerricco:matrix.org: "Zhaofeng Li: So moving over here because it seems more relevant: That patch doesn't seem to apply to NixOS. Based on the 'Loaded initrd from command line option' message you see when booting with systemd-boot, that code path in that patch doesn't seem to measure the initrd" Wow, that's certainly very weird. What are those two code paths? | 01:16:07 |
ElvishJerricco | Zhaofeng Li: This branch does measure it, but this branch doesn't, which seems to be the one we hit with nixos | 01:18:00 |
Zhaofeng Li | Ah, so supplying initrd= via the cmdline doesn't trigger the measurement, awkward | 01:25:19 |
ElvishJerricco | and I can't imagine why they wouldn't want to measure it. It seems perfectly possible there | 01:25:40 |
ElvishJerricco | Like, just move the measurement call to after the if else if block or something | 01:26:25 |