[Bug 1075181] Re: Backport UEFI Secure Boot support for Ubuntu 12.04.2

Launchpad Bug Tracker 1075181 at bugs.launchpad.net
Thu Jan 3 18:45:46 UTC 2013 

This bug was fixed in the package ubiquity - 2.10.23

---------------
ubiquity (2.10.23) precise-proposed; urgency=low

  * Honour base-installer/kernel/altmeta when deciding which kernels to
    install or keep installed.

ubiquity (2.10.22) precise-proposed; urgency=low

  [ Dmitrijs Ledkovs ]
  * Make user-setup-encrypted-swap wait until partitioning has finished
    before attempting to adjust /target/etc/fstab. (LP: #1024343)
    (LP: #1068178)

  [ Colin Watson ]
  * Don't remove kernel headers just because we're removing signed kernel
    images of the same flavour (LP: #1070427).

ubiquity (2.10.21) precise-proposed; urgency=low

  [ Colin Watson ]
  * Fix missing parentheses that caused removable installation media
    sometimes to be selected as the default GRUB device (LP: #987418).
  * Support UEFI Secure Boot (LP: #1075181):
    - Try to install a signed kernel if base-installer asks for one, and
      don't leave signed kernels installed if it doesn't.
    - If the SecureBoot EFI variable is set, then ensure that
      grub-efi-amd64-signed and shim-signed remain installed.
    - Copy the signed kernel from /cdrom if it is not in the squashfs.  If
      there is a signed kernel there but no unsigned one, then use sbattach
      to remove the signature and construct the unsigned kernel on the fly.
  * Automatic update of included source packages: base-installer
    1.122ubuntu7.2, grub-installer 1.68ubuntu5.1.

  [ Mario Limonciello ]
  * Don't let oem-config crash from an invalid server return on the timezone
    page. (LP: #887879)

  [ Dmitrijs Ledkovs ]
  * Do not preseed grub-install, if we are not proceeding to install. This
    should fix ValueError, I/O operation on closed file (LP: #1027648)
    (LP: #792652)
  * Prevent progress label to expand & shrink the window (LP: #1046241)

  [ Jonathan Riddell ]
  * Change from a KApplication to a QApplication to avoid using DBus, DBus
    as needed by KApplication no longer works with our multiple user changes
    LP: #1055967
 -- Colin Watson <cjwatson at ubuntu.com>   Thu, 06 Dec 2012 17:20:32 +0000

** Changed in: grub2-signed (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/1075181

Title:
  Backport UEFI Secure Boot support for Ubuntu 12.04.2

Status in Ubuntu CD image build software:
  Fix Released
Status in “base-installer” package in Ubuntu:
  Fix Released
Status in “debian-installer” package in Ubuntu:
  Fix Released
Status in “grub-installer” package in Ubuntu:
  Fix Released
Status in “grub2” package in Ubuntu:
  Fix Released
Status in “grub2-signed” package in Ubuntu:
  Fix Released
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-meta-lts-quantal” package in Ubuntu:
  Fix Released
Status in “linux-signed-lts-quantal” package in Ubuntu:
  Invalid
Status in “livecd-rootfs” package in Ubuntu:
  Fix Released
Status in “sbsigntool” package in Ubuntu:
  Fix Released
Status in “shim” package in Ubuntu:
  Fix Released
Status in “shim-signed” package in Ubuntu:
  Fix Released
Status in “ubiquity” package in Ubuntu:
  Fix Released
Status in “ubuntu-defaults-builder” package in Ubuntu:
  Fix Released
Status in “base-installer” source package in Precise:
  Fix Released
Status in “debian-installer” source package in Precise:
  Fix Released
Status in “grub-installer” source package in Precise:
  Fix Released
Status in “grub2” source package in Precise:
  Fix Released
Status in “grub2-signed” source package in Precise:
  Fix Released
Status in “linux-lts-quantal” source package in Precise:
  Fix Released
Status in “linux-signed-lts-quantal” source package in Precise:
  Fix Committed
Status in “livecd-rootfs” source package in Precise:
  Fix Released
Status in “sbsigntool” source package in Precise:
  Fix Released
Status in “shim” source package in Precise:
  Fix Committed
Status in “shim-signed” source package in Precise:
  Fix Committed
Status in “ubiquity” source package in Precise:
  Fix Released
Status in “ubuntu-defaults-builder” source package in Precise:
  Fix Released

Bug description:
  [Impact]

  Since systems are beginning to come out with UEFI Secure Boot enabled
  by default if they haven't already, we need to backport this support
  from 12.10 to 12.04.2.  This is a complex set of enablement patches
  across a number of packages.  Most of them will be fairly
  straightforward backports, but there are a few known warts:

   * The grub2 support was built on 2.00, and depends on first backporting a number of other patches (mostly Unicode handling changes and UEFI variable support) to 1.99.
   * 12.04.2 will have an alternate install image, which was removed from 12.10.  Installer support here should be mostly the same as for the server image, but we have stricter space constraints and may need to adjust the way the signed kernel is delivered to deal with this.  Andy Whitcroft and I have a plan for this which we'll implement between us in raring.

  [Test Case]

  The desktop, server, and alternate install images should all boot and
  install on an SB-enabled system.  I would recommend testing
  installations from both a CD and a USB stick.  After each
  installation, use debsums to check that kernel checksums are correct.

  [Regression Potential]

  Check that non-SB installations of all these images still work.  For
  this, it is sufficient to test with either a CD or a USB stick, but
  not necessarily both.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-cdimage/+bug/1075181/+subscriptions

More information about the foundations-bugs mailing list