[Bug 1917509] Re: Call for testing: grub2 security updates

Alex Murray 1917509 at bugs.launchpad.net
Wed Mar 3 03:53:00 UTC 2021 

On my local bare metal groovy install I tested upgrading to the new grub
binaries from groovy-proposed and after a reboot my machine successfully
booted - I have tried to generalise the instructions for doing this so
they can be used on any release:

# enable use of -proposed as per https://wiki.ubuntu.com/Testing/EnableProposed
cat <<EOF | sudo tee /etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

# only selectively upgrade from -proposed
cat <<EOF | sudo tee /etc/apt/preferences.d/proposed-updates
# Configure apt to allow selective installs of packages from proposed
Package: *
Pin: release a=$(lsb_release -cs)-proposed
Pin-Priority: 400
EOF

# get list of packages in -proposed
sudo apt update

# update standard grub2 packages from -proposed
sudo apt install \
     grub-efi-amd64-bin/"$(lsb_release -cs)"-proposed \
     grub-efi-amd64-signed/"$(lsb_release -cs)"-proposed \
     grub2-common/"$(lsb_release -cs)"-proposed \
     grub-pc/"$(lsb_release -cs)"-proposed \
     grub-pc-bin/"$(lsb_release -cs)"-proposed \
     grub-common/"$(lsb_release -cs)"-proposed

sudo reboot

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1917509

Title:
  Call for testing: grub2 security updates

Status in grub2 package in Ubuntu:
  New
Status in grub2-signed package in Ubuntu:
  New
Status in grub2-unsigned package in Ubuntu:
  New

Bug description:
  Several security issues were announced on 2021-03-02, see
  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021
  for details.

  As part of this update, a large number of changes were incorporated,
  both in grub2 and how it is packaged. Updates will initially be
  published to the -proposed pockets of each release. Testing is greatly
  appreciated and feedback can be collected on this bug report.

  [XXX Fill in information on how to enable proposed and install grub
  updates here]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1917509/+subscriptions

More information about the foundations-bugs mailing list