[Bug 1602605] Re: Ambigous dialogue box when running update-secureboot-policy
Steve Langasek
steve.langasek at canonical.com
Thu Jul 14 00:48:01 UTC 2016
This wording is deliberate. The way that shim+mok works, when you make
this change, shim will willingly chainload anything you point it at.
This is functionally indistinguishable, security-wise, from disabling
Secure Boot in the firmware; it's just that by using MOK we're able to
do so in a way that's guided and consistent across all systems.
Describing this in terms of the technical details of MOK would be
confusing for users, and make it harder for them to understand the key
point that making this change disables the protection of Secure Boot.
The current wording has also been reviewed by the Design Team, passing
muster with both them and Foundations.
So we don't intend to change this dialog to talk about MOK. Closing
wontfix.
** Changed in: shim-signed (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1602605
Title:
Ambigous dialogue box when running update-secureboot-policy
Status in shim-signed package in Ubuntu:
Won't Fix
Bug description:
Currently the dialogue box that appears when calling update-
secureboot-policy on a system with secure-boot enabled in bios will
talk about disabling "UEFI Secure Boot". This and the whole text
sounded rather like modifying the setting in bios than what is
actually done (change the shim mode). I don't know what would be a
better description for it but right now it sounds like it could lead
to a lot of misunderstandings.
One other thing which I cannot test as I currently have no secure-boot
dual boot system: the message about booting in non-secure boot is
displayed by shim before the grub screen. Does that mean secure-boot
is disabled for anything that is booted by grub? Because normally when
I had dual-boot, the selection is made on the grub selection screen
which then chainloads into either Windows or Linux.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1602605/+subscriptions
More information about the foundations-bugs
mailing list