[Bug 1971965] Re: fwupd has dbx plugin enabled but shouldn't

Launchpad Bug Tracker 1971965 at bugs.launchpad.net
Sun Sep 4 04:17:18 UTC 2022 

[Expired for fwupd (Ubuntu Jammy) because there has been no activity for
60 days.]

** Changed in: fwupd (Ubuntu Jammy)
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd in Ubuntu.
https://bugs.launchpad.net/bugs/1971965

Title:
  fwupd has dbx plugin enabled but shouldn't

Status in fwupd package in Ubuntu:
  Expired
Status in fwupd source package in Focal:
  Expired
Status in fwupd source package in Impish:
  Expired
Status in fwupd source package in Jammy:
  Expired
Status in fwupd source package in Kinetic:
  Expired

Bug description:
  In discussion with the Security Team, I've learned that the dbx plugin
  in fwupd is enabled by default.  Prior to 22.04 release I had
  conversations about the fact that we should not be using fwupd to
  deliver dbx updates by default, but these don't seem to have resulted
  in changes to the packaging.  We may in the future want to use fwupd
  to deliver dbx updates, but in the meantime there is a concern that
  delivery of dbx updates needs to be coordinated with the OS (we have
  the secureboot-db package seeded across all products in support of
  this), and there is not coordination between fwupd and the OS package
  manager.

  We need to update fwupd to disable the dbx plugin by default
  (DisabledPlugins= in /etc/fwupd/daemon.conf).

  This affects both jammy and focal, where fwupd has been SRUed.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: fwupd 1.7.5-3
  ProcVersionSignature: Ubuntu 5.15.0-27.28-generic 5.15.30
  Uname: Linux 5.15.0-27-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu82
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Fri May  6 11:04:01 2022
  InstallationDate: Installed on 2019-12-23 (864 days ago)
  InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
  RebootRequiredPkgs: Error: path contained symlinks.
  SourcePackage: fwupd
  UpgradeStatus: Upgraded to jammy on 2022-04-15 (20 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1971965/+subscriptions

More information about the foundations-bugs mailing list