[Bug 1075181] [NEW] Backport UEFI Secure Boot support for Ubuntu 12.04.2

Colin Watson cjwatson at canonical.com
Mon Nov 5 14:57:59 UTC 2012


Public bug reported:

[Impact]

Since systems are beginning to come out with UEFI Secure Boot enabled by
default if they haven't already, we need to backport this support from
12.10 to 12.04.2.  This is a complex set of enablement patches across a
number of packages.  Most of them will be fairly straightforward
backports, but there are a few known warts:

 * The grub2 support was built on 2.00, and depends on first backporting a number of other patches (mostly Unicode handling changes and UEFI variable support) to 1.99.
 * 12.04.2 will have an alternate install image, which was removed from 12.10.  Installer support here should be mostly the same as for the server image, but we have stricter space constraints and may need to adjust the way the signed kernel is delivered to deal with this.  Andy Whitcroft and I have a plan for this which we'll implement between us in raring.

[Test Case]

The desktop, server, and alternate install images should all boot and
install on an SB-enabled system.  I would recommend testing
installations from both a CD and a USB stick.  After each installation,
use debsums to check that kernel checksums are correct.

[Regression Potential]

Check that non-SB installations of all these images still work.  For
this, it is sufficient to test with either a CD or a USB stick, but not
necessarily both.

** Affects: ubuntu-cdimage
     Importance: High
     Assignee: Colin Watson (cjwatson)
         Status: Triaged

** Affects: base-installer (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: debian-installer (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: grub-installer (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: grub2 (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: grub2-signed (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: linux (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: linux-signed (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: sbsigntool (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: ubiquity (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: base-installer (Ubuntu Precise)
     Importance: High
     Assignee: Colin Watson (cjwatson)
         Status: Triaged

** Affects: debian-installer (Ubuntu Precise)
     Importance: High
     Assignee: Colin Watson (cjwatson)
         Status: Triaged

** Affects: grub-installer (Ubuntu Precise)
     Importance: High
     Assignee: Colin Watson (cjwatson)
         Status: Triaged

** Affects: grub2 (Ubuntu Precise)
     Importance: High
     Assignee: Colin Watson (cjwatson)
         Status: In Progress

** Affects: grub2-signed (Ubuntu Precise)
     Importance: High
     Assignee: Colin Watson (cjwatson)
         Status: Triaged

** Affects: linux (Ubuntu Precise)
     Importance: High
     Assignee: Andy Whitcroft (apw)
         Status: Triaged

** Affects: linux-signed (Ubuntu Precise)
     Importance: High
     Assignee: Andy Whitcroft (apw)
         Status: Triaged

** Affects: sbsigntool (Ubuntu Precise)
     Importance: High
         Status: Triaged

** Affects: ubiquity (Ubuntu Precise)
     Importance: High
     Assignee: Colin Watson (cjwatson)
         Status: Triaged


** Tags: bot-stop-nagging

** Also affects: grub2 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: grub2 (Ubuntu)
       Status: New => Fix Released

** Also affects: grub2-signed (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: grub2 (Ubuntu)
   Importance: Undecided => High

** Changed in: grub2 (Ubuntu Precise)
       Status: New => In Progress

** Changed in: grub2 (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: grub2 (Ubuntu Precise)
     Assignee: (unassigned) => Colin Watson (cjwatson)

** Changed in: grub2 (Ubuntu Precise)
    Milestone: None => ubuntu-12.04.2

** Changed in: grub2-signed (Ubuntu)
       Status: New => Fix Released

** Changed in: grub2-signed (Ubuntu)
   Importance: Undecided => High

** Changed in: grub2-signed (Ubuntu Precise)
       Status: New => Triaged

** Changed in: grub2-signed (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: grub2-signed (Ubuntu Precise)
    Milestone: None => ubuntu-12.04.2

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu)
       Status: New => Fix Released

** Changed in: linux (Ubuntu Precise)
       Status: New => Triaged

** Tags added: bot-stop-nagging

** Changed in: linux (Ubuntu)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Precise)
    Milestone: None => ubuntu-12.04.2

** Changed in: linux (Ubuntu Precise)
     Assignee: (unassigned) => Andy Whitcroft (apw)

** Changed in: grub2-signed (Ubuntu Precise)
     Assignee: (unassigned) => Colin Watson (cjwatson)

** Also affects: linux-signed (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: linux-signed (Ubuntu)
       Status: New => Fix Released

** Changed in: linux-signed (Ubuntu)
   Importance: Undecided => High

** Changed in: linux-signed (Ubuntu Precise)
       Status: New => Triaged

** Changed in: linux-signed (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: linux-signed (Ubuntu Precise)
     Assignee: (unassigned) => Andy Whitcroft (apw)

** Changed in: linux-signed (Ubuntu Precise)
    Milestone: None => ubuntu-12.04.2

** Also affects: grub-installer (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: grub-installer (Ubuntu)
   Importance: Undecided => High

** Changed in: grub-installer (Ubuntu)
       Status: New => Fix Released

** Changed in: grub-installer (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: grub-installer (Ubuntu Precise)
       Status: New => Triaged

** Changed in: grub-installer (Ubuntu Precise)
     Assignee: (unassigned) => Colin Watson (cjwatson)

** Also affects: sbsigntool (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: sbsigntool (Ubuntu)
   Importance: Undecided => High

** Changed in: sbsigntool (Ubuntu)
       Status: New => Fix Released

** Changed in: grub-installer (Ubuntu Precise)
    Milestone: None => ubuntu-12.04.2

** Changed in: sbsigntool (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: sbsigntool (Ubuntu Precise)
       Status: New => Triaged

** Changed in: sbsigntool (Ubuntu Precise)
    Milestone: None => ubuntu-12.04.2

** Also affects: ubuntu-cdimage
   Importance: Undecided
       Status: New

** Changed in: ubuntu-cdimage
   Importance: Undecided => High

** Changed in: ubuntu-cdimage
       Status: New => Triaged

** Changed in: ubuntu-cdimage
     Assignee: (unassigned) => Colin Watson (cjwatson)

** Also affects: base-installer (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: base-installer (Ubuntu)
   Importance: Undecided => High

** Changed in: base-installer (Ubuntu)
       Status: New => Fix Released

** Changed in: base-installer (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: base-installer (Ubuntu Precise)
       Status: New => Triaged

** Changed in: base-installer (Ubuntu Precise)
    Milestone: None => ubuntu-12.04.2

** Changed in: base-installer (Ubuntu Precise)
     Assignee: (unassigned) => Colin Watson (cjwatson)

** Also affects: ubiquity (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: ubiquity (Ubuntu)
   Importance: Undecided => High

** Changed in: ubiquity (Ubuntu)
       Status: New => Fix Released

** Changed in: ubiquity (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: ubiquity (Ubuntu Precise)
       Status: New => Triaged

** Changed in: ubiquity (Ubuntu Precise)
    Milestone: None => ubuntu-12.04.2

** Changed in: ubiquity (Ubuntu Precise)
     Assignee: (unassigned) => Colin Watson (cjwatson)

** Also affects: debian-installer (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: debian-installer (Ubuntu)
   Importance: Undecided => High

** Changed in: debian-installer (Ubuntu)
       Status: New => Fix Released

** Changed in: debian-installer (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: debian-installer (Ubuntu Precise)
       Status: New => Triaged

** Changed in: debian-installer (Ubuntu Precise)
    Milestone: None => ubuntu-12.04.2

** Changed in: debian-installer (Ubuntu Precise)
     Assignee: (unassigned) => Colin Watson (cjwatson)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1075181

Title:
  Backport UEFI Secure Boot support for Ubuntu 12.04.2

Status in Ubuntu CD image build software:
  Triaged
Status in “base-installer” package in Ubuntu:
  Fix Released
Status in “debian-installer” package in Ubuntu:
  Fix Released
Status in “grub-installer” package in Ubuntu:
  Fix Released
Status in “grub2” package in Ubuntu:
  Fix Released
Status in “grub2-signed” package in Ubuntu:
  Fix Released
Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux-signed” package in Ubuntu:
  Fix Released
Status in “sbsigntool” package in Ubuntu:
  Fix Released
Status in “ubiquity” package in Ubuntu:
  Fix Released
Status in “base-installer” source package in Precise:
  Triaged
Status in “debian-installer” source package in Precise:
  Triaged
Status in “grub-installer” source package in Precise:
  Triaged
Status in “grub2” source package in Precise:
  In Progress
Status in “grub2-signed” source package in Precise:
  Triaged
Status in “linux” source package in Precise:
  Triaged
Status in “linux-signed” source package in Precise:
  Triaged
Status in “sbsigntool” source package in Precise:
  Triaged
Status in “ubiquity” source package in Precise:
  Triaged
