Meta: Signing memtest86+ v6.10

[fezie]

As talked in #debian-efi:

memtest86+ v6.10 now finally supports Secure Boot.
@Fantu and me, the Debian Maintainers of it, would like to get it officially signed by the Debian CA.
And probable it would be useful for other distributions too.

So what needs to be done to get it signed?
Can Fantu and I do anything? Or does upstream of memtest86+ needs to do anything first?

[fezie]

Any news? Has it been internally discussed or something like that?
Debian has released bookworm now, so we could work on implementing it for trixie.

[dechamps]

FYI, this makes it harder to use Debian Live as an effective troubleshooting/rescue OS tool, because the included memtest86+ will refuse to run out-of-the-box with grub-efi showing an "error: bad shim signature." message.

[DaDummy]

Having memtest86+ signed for secure boot would be a really valuable step towards universal adoption of secure boot, since this is quite a valuable debugging tool for systems which is broadly deployed across linux distributions.

Any chance of getting someone with the means to facilitate signing to pick this up?

[debrouxl]

Hi, upstream auxiliary maintainer here.
If there's something upstream can do, we're all ears, within the limits of available developer time, of course...
However, AFAWCT on our side, the Secure Boot support in upstream, contributed by Peter Jones, was successfully tested on dozens of computer models by the beta-testing team, and even found bugs in some BIOS implementations. See memtest86plus/memtest86plus#34 memtest86plus/memtest86plus#254 .

[julian-klode]

I think what you want to do is to self-audit and write an audit report. "This is blah, this is what we do, here's why we believe this is safe meow".

[charlescurley]

I see this with secure boot on. Using Debian 12 (Bookworm).

memtest86+ 7.00-1~bpo12+1 amd64