On Wed, Jun 28, 2017 at 06:53:58PM -0700, Adam Williamson wrote:
There are five proposed blockers. My professional guesstimate *at this point* is that at least four of them will probably be rejected, though that could change with more data (attention pjones: if #1418360 and #1451071 are more serious than they seem to us so far, please do let us know).
They absolutely are: basically Secure Boot doesn't trigger kmod signature checking, read-only /dev/mem, etc., in the current trees. This update fixes a grub bug that's triggering that behavior in the newer kernels, but was not triggering it in the older ones.
So yes, I very much think these should be blockers.