[Bug 1066016] [NEW] [MIR] sbsigntool

Steve Langasek steve.langasek at canonical.com
Fri Oct 12 15:07:15 UTC 2012 

Public bug reported:

Availability: In universe for amd64.

Rationale: Used as part of our signing toolchain for Secure Boot images
in launchpad, so it's de facto supported by Canonical already (and was
written by Canonical).  We would also like to use this at build-time of
the shim-signed package to verify the correctness of the signed binaries
returned to us by Microsoft.  (Currently there are some gaps that result
in me doing this by hand, so this build-dependency may not be added in
time for 12.10 regardless.)

Security: This is a commandline tool, not run as root, so user security
exposure is greatly limited despite its substantial security
implications for Secure Boot as a whole.

QA: there is a test suite in tree that's run at package build time.

Maintenance: Foundations.

** Affects: sbsigntool (Ubuntu)
     Importance: Medium
         Status: New

** Changed in: sbsigntool (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sbsigntool in Ubuntu.
https://bugs.launchpad.net/bugs/1066016

Title:
  [MIR] sbsigntool

Status in “sbsigntool” package in Ubuntu:
  New

Bug description:
  Availability: In universe for amd64.

  Rationale: Used as part of our signing toolchain for Secure Boot
  images in launchpad, so it's de facto supported by Canonical already
  (and was written by Canonical).  We would also like to use this at
  build-time of the shim-signed package to verify the correctness of the
  signed binaries returned to us by Microsoft.  (Currently there are
  some gaps that result in me doing this by hand, so this build-
  dependency may not be added in time for 12.10 regardless.)

  Security: This is a commandline tool, not run as root, so user
  security exposure is greatly limited despite its substantial security
  implications for Secure Boot as a whole.

  QA: there is a test suite in tree that's run at package build time.

  Maintenance: Foundations.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1066016/+subscriptions

More information about the foundations-bugs mailing list