)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"8d2b5b96a12b6cd1dd19252a25d51388ea8a8289","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"685b3bd1_0e49941a","updated":"2024-04-12 07:53:33.000000000","message":"just pointed out some typos, the content looks good, thanks!","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"}],"doc/source/admin/security.rst":[{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"8d2b5b96a12b6cd1dd19252a25d51388ea8a8289","unresolved":true,"context_lines":[{"line_number":125,"context_line":"in and verify additional signed artifacts which were signed utilizing"},{"line_number":126,"context_line":"different keys."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"This is fundimentally how most Linux operating systems boot today. A ``shim``"},{"line_number":129,"context_line":"loader is signed by an authority, Microsoft, which is generally trusted by"},{"line_number":130,"context_line":"hardware vendors. The shim loader then loads a boot loader such as Grub, which"},{"line_number":131,"context_line":"then loads an operating system."}],"source_content_type":"text/x-rst","patch_set":1,"id":"757516bb_fc968d46","line":128,"updated":"2024-04-12 07:53:33.000000000","message":"fundamentally","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"6c41fe2cb09882e37b68f8fb63b20d3e35e93fc6","unresolved":false,"context_lines":[{"line_number":125,"context_line":"in and verify additional signed artifacts which were signed utilizing"},{"line_number":126,"context_line":"different keys."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"This is fundimentally how most Linux operating systems boot today. A ``shim``"},{"line_number":129,"context_line":"loader is signed by an authority, Microsoft, which is generally trusted by"},{"line_number":130,"context_line":"hardware vendors. The shim loader then loads a boot loader such as Grub, which"},{"line_number":131,"context_line":"then loads an operating system."}],"source_content_type":"text/x-rst","patch_set":1,"id":"b6f3463b_4fe8fa67","line":128,"in_reply_to":"757516bb_fc968d46","updated":"2024-04-19 21:45:47.000000000","message":"Done","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"},{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"8d2b5b96a12b6cd1dd19252a25d51388ea8a8289","unresolved":true,"context_lines":[{"line_number":141,"context_line":""},{"line_number":142,"context_line":"There are reports in the Open Source community that Microsoft has been willing"},{"line_number":143,"context_line":"to sign iPXE binaries, however the requirements are a bit steep for Open"},{"line_number":144,"context_line":"Soruce and largely means that Vendors would need to sholder the burden for"},{"line_number":145,"context_line":"signed iPXE binaries to become common place. The iPXE developers provide"},{"line_number":146,"context_line":"further `details on their website \u003chttps://ipxe.org/appnote/etoken\u003e`_,"},{"line_number":147,"context_line":"but it provides the details which solidify why we\u0027re unlikely to see"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3714372b_1eb5bd55","line":144,"range":{"start_line":144,"start_character":0,"end_line":144,"end_character":6},"updated":"2024-04-12 07:53:33.000000000","message":"Source","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"6c41fe2cb09882e37b68f8fb63b20d3e35e93fc6","unresolved":false,"context_lines":[{"line_number":141,"context_line":""},{"line_number":142,"context_line":"There are reports in the Open Source community that Microsoft has been willing"},{"line_number":143,"context_line":"to sign iPXE binaries, however the requirements are a bit steep for Open"},{"line_number":144,"context_line":"Soruce and largely means that Vendors would need to sholder the burden for"},{"line_number":145,"context_line":"signed iPXE binaries to become common place. The iPXE developers provide"},{"line_number":146,"context_line":"further `details on their website \u003chttps://ipxe.org/appnote/etoken\u003e`_,"},{"line_number":147,"context_line":"but it provides the details which solidify why we\u0027re unlikely to see"}],"source_content_type":"text/x-rst","patch_set":1,"id":"a25ba5b0_b78315ac","line":144,"range":{"start_line":144,"start_character":0,"end_line":144,"end_character":6},"in_reply_to":"3714372b_1eb5bd55","updated":"2024-04-19 21:45:47.000000000","message":"Done","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"},{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"8d2b5b96a12b6cd1dd19252a25d51388ea8a8289","unresolved":true,"context_lines":[{"line_number":155,"context_line":""},{"line_number":156,"context_line":".. NOTE::"},{"line_number":157,"context_line":"   The utility to manage keys in Linux on a local machine is `mokutil`,"},{"line_number":158,"context_line":"   however it modeled for manual invocation. One may be able to manage"},{"line_number":159,"context_line":"   keys via Baseboard Management Controller, and Ironic may add such"},{"line_number":160,"context_line":"   capabilities at some point in time."},{"line_number":161,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"2bab0f08_ba70c80f","line":158,"updated":"2024-04-12 07:53:33.000000000","message":"it\u0027s","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"6c41fe2cb09882e37b68f8fb63b20d3e35e93fc6","unresolved":false,"context_lines":[{"line_number":155,"context_line":""},{"line_number":156,"context_line":".. NOTE::"},{"line_number":157,"context_line":"   The utility to manage keys in Linux on a local machine is `mokutil`,"},{"line_number":158,"context_line":"   however it modeled for manual invocation. One may be able to manage"},{"line_number":159,"context_line":"   keys via Baseboard Management Controller, and Ironic may add such"},{"line_number":160,"context_line":"   capabilities at some point in time."},{"line_number":161,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"68e2900e_88ca04da","line":158,"in_reply_to":"2bab0f08_ba70c80f","updated":"2024-04-19 21:45:47.000000000","message":"Done","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"},{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"8d2b5b96a12b6cd1dd19252a25d51388ea8a8289","unresolved":true,"context_lines":[{"line_number":163,"context_line":"`shim \u003chttps://wiki.debian.org/SecureBoot#Shim\u003e`_ and Grub2 to network boot"},{"line_number":164,"context_line":"a machine, however Grub2\u0027s capabilities for booting a machine are extremely"},{"line_number":165,"context_line":"limited when compared to a tool like iPXE. It is also worth noting the bulk"},{"line_number":166,"context_line":"of Ironic\u0027s example configurations utilize iPXE, including whole activites"},{"line_number":167,"context_line":"like unmanaged hardware introspection with ironic-inspector."},{"line_number":168,"context_line":""},{"line_number":169,"context_line":"For extra context, unmanaged introspection is when you ask ironic-inspector"}],"source_content_type":"text/x-rst","patch_set":1,"id":"e6b071af_4052114c","line":166,"updated":"2024-04-12 07:53:33.000000000","message":"activities","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"6c41fe2cb09882e37b68f8fb63b20d3e35e93fc6","unresolved":false,"context_lines":[{"line_number":163,"context_line":"`shim \u003chttps://wiki.debian.org/SecureBoot#Shim\u003e`_ and Grub2 to network boot"},{"line_number":164,"context_line":"a machine, however Grub2\u0027s capabilities for booting a machine are extremely"},{"line_number":165,"context_line":"limited when compared to a tool like iPXE. It is also worth noting the bulk"},{"line_number":166,"context_line":"of Ironic\u0027s example configurations utilize iPXE, including whole activites"},{"line_number":167,"context_line":"like unmanaged hardware introspection with ironic-inspector."},{"line_number":168,"context_line":""},{"line_number":169,"context_line":"For extra context, unmanaged introspection is when you ask ironic-inspector"}],"source_content_type":"text/x-rst","patch_set":1,"id":"fff25dd3_88fd0418","line":166,"in_reply_to":"e6b071af_4052114c","updated":"2024-04-19 21:45:47.000000000","message":"Done","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"},{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"8d2b5b96a12b6cd1dd19252a25d51388ea8a8289","unresolved":true,"context_lines":[{"line_number":181,"context_line":""},{"line_number":182,"context_line":"Other drivers, such as :doc:`/admin/drivers/ipmitool`, may be able to be manually"},{"line_number":183,"context_line":"configured on the host, but as there is not standardization of Secure Boot"},{"line_number":184,"context_line":"support in the IPMI protocol, you may encountered unexpected behavior."},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"Support for the UEFI secure boot is declared by adding the ``secure_boot``"},{"line_number":187,"context_line":"capability in the ``capabilities`` parameter in the ``properties`` field of"}],"source_content_type":"text/x-rst","patch_set":1,"id":"bc34f9d8_312dfb67","line":184,"updated":"2024-04-12 07:53:33.000000000","message":"encounter","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"6c41fe2cb09882e37b68f8fb63b20d3e35e93fc6","unresolved":false,"context_lines":[{"line_number":181,"context_line":""},{"line_number":182,"context_line":"Other drivers, such as :doc:`/admin/drivers/ipmitool`, may be able to be manually"},{"line_number":183,"context_line":"configured on the host, but as there is not standardization of Secure Boot"},{"line_number":184,"context_line":"support in the IPMI protocol, you may encountered unexpected behavior."},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"Support for the UEFI secure boot is declared by adding the ``secure_boot``"},{"line_number":187,"context_line":"capability in the ``capabilities`` parameter in the ``properties`` field of"}],"source_content_type":"text/x-rst","patch_set":1,"id":"25d9454a_391334fa","line":184,"in_reply_to":"bc34f9d8_312dfb67","updated":"2024-04-19 21:45:47.000000000","message":"Done","commit_id":"4b6b36569631f2bf2c7a1f96520d25a830eb63e6"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"f05abfe74c5c529fd1a8fea305277ed450b3cc21","unresolved":true,"context_lines":[{"line_number":159,"context_line":"hardware vendors. The shim loader then loads a boot loader such as Grub, which"},{"line_number":160,"context_line":"then loads an operating system."},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"Underlying challenges"},{"line_number":163,"context_line":"---------------------"},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"A major challenge for Secure Boot is the state of Preboot eXecution"}],"source_content_type":"text/x-rst","patch_set":3,"id":"ba38c226_41200614","line":162,"updated":"2024-04-29 21:51:07.000000000","message":"I wonder if this in-depth, context-heavy section should be separated from our more directive security guide.","commit_id":"62506393f1af77762e2643c33107ab6d232b71eb"}]}
