[Bug 1862171] Re: [SRU] shim 15+1552672080.a4a1fbe-0ubuntu2

Julian Andres Klode 1862171 at bugs.launchpad.net
Thu Sep 3 14:29:24 UTC 2020 

netboot - testing the new shim binaries against stable release grubs
using PXE boot

xenial, bionic, and focal all pass the tests

netboot - booted to kernel ✓
netboot-unsigned-grub  - unsigned grub rejected - "security violation" ✓
netboot-unsigned-kernel - unsigned kernel rejected / not loaded ✓

See test script. Can be run on groovy or any of the systems with the
shim installed, against specified grub debs.


** Attachment added: "shimctl"
   https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1862171/+attachment/5407414/+files/shimctl

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1862171

Title:
  [SRU] shim 15+1552672080.a4a1fbe-0ubuntu2

Status in shim package in Ubuntu:
  Fix Released
Status in shim-signed package in Ubuntu:
  Fix Released
Status in shim source package in Xenial:
  Fix Committed
Status in shim-signed source package in Xenial:
  Fix Committed
Status in shim source package in Bionic:
  Fix Committed
Status in shim-signed source package in Bionic:
  Fix Committed
Status in shim source package in Focal:
  Fix Committed
Status in shim-signed source package in Focal:
  Fix Committed
Status in shim source package in Groovy:
  Fix Released
Status in shim-signed source package in Groovy:
  Fix Released

Bug description:
  [Impact]
  New shim, various upstream fixes, fixes support for ARM64, also see bionic arm64 SRU bug: LP: #1890813.

  [Test case]

  Roughly

  https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan

  but I certainly don't have any clue about the maas one.

  [Regression potential]
  - System might not boot anymore
  - System might not boot some helpers like fwupd anymore (which was a regression in ubuntu1 we fixed)
  - New security bugs that make shim load unsigned stuff are of course possible too

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1862171/+subscriptions

More information about the foundations-bugs mailing list