[Bug 1960783] Re: don't install unsigned fwupd efi app by default
Yuan-Chen Cheng
1960783 at bugs.launchpad.net
Tue Mar 1 14:21:00 UTC 2022
test on impish:
1. remove fwupd and related deb.
2. Turn on the proposed channel.
3. Then apt-get installs fwupd. fwupd-unsigned is not installed, fwupd-signed is installed properly.
4. "fwupdmgr reinstall" and choose machine bios, as secure boot is off, this works perfectly. (for secure boot on case, that will be tested on other SRU bug, and this one will focus on the logic that fwupd-unsigned is not installed, and we still can do bios upgrade as secure boot is off.)
Given above, verification done for impish.
** Tags removed: verification-needed-impish
** Tags added: verification-done-impish
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1960783
Title:
don't install unsigned fwupd efi app by default
Status in OEM Priority Project:
In Progress
Status in fwupd package in Ubuntu:
Fix Released
Status in fwupd-signed package in Ubuntu:
Fix Released
Status in fwupd source package in Focal:
Fix Committed
Status in fwupd-signed source package in Focal:
Fix Committed
Status in fwupd source package in Impish:
Fix Committed
Status in fwupd-signed source package in Impish:
Fix Committed
Bug description:
Per current ubuntu, we install signed efi / kernel by default.
It seems reasonable to do the same on the fwupd efi app.
This one is a follow up bug for comment 27 ~ 35 of lp:1949412 and the
SRU document also goes there.
To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1960783/+subscriptions
More information about the foundations-bugs
mailing list