[Bug 2076227] [NEW] shim(-signed) NX support feature freeze exception request
Mate Kukri
2076227 at bugs.launchpad.net
Wed Aug 7 10:40:10 UTC 2024
Public bug reported:
This is a high priority feature Canonical was developing during the
Oracular Oriole cycle.
The GRUB piece has already hit the archive before FF as 2.12-1ubuntu9
(with 2.12-5ubuntu1 under review), but asking for an exception on the
shim pieces due to Microsoft signing being required.
The following changes are being made:
- shim package: effectively identical upstream source, with minor changes to produce two executables, one with the NX_COMPAT set and another without
- shim-signed package: changes to choose which shim to install:
+ existing installation will get non-NX shim on package upgrades
+ new installations will get the NX shim
Code has already been tested and is available in the following repositories:
- https://code.launchpad.net/~ubuntu-uefi-team/+git/shim/+ref/master
- https://code.launchpad.net/~ubuntu-uefi-team/+git/shim-signed/+ref/master
Testing in the above context means that both shims have been verified to
boot correctly, with additional testing for the shim installation
mechanism, and additional testing for the NX shim under the Microsoft Mu
firmware that has an NX enforcing mode.
Usable self-signed test builds of the new shims can be found in my nx-
testing PPA https://launchpad.net/~mkukri/+archive/ubuntu/nx-testing,
with the real shim for MS submission having been built in the usual
place at https://launchpad.net/~ubuntu-uefi-team/+archive/ubuntu/build.
The shim-review required for MS submission is under internal review,
then we will submit the shim-review to the community, and the shim
afterwards for MS signing.
** Affects: shim (Ubuntu)
Importance: Undecided
Status: New
** Affects: shim-signed (Ubuntu)
Importance: Undecided
Status: New
** Also affects: shim-signed (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- shim(-signed) NX support feature freeze exception
+ shim(-signed) NX support feature freeze exception request
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2076227
Title:
shim(-signed) NX support feature freeze exception request
Status in shim package in Ubuntu:
New
Status in shim-signed package in Ubuntu:
New
Bug description:
This is a high priority feature Canonical was developing during the
Oracular Oriole cycle.
The GRUB piece has already hit the archive before FF as 2.12-1ubuntu9
(with 2.12-5ubuntu1 under review), but asking for an exception on the
shim pieces due to Microsoft signing being required.
The following changes are being made:
- shim package: effectively identical upstream source, with minor changes to produce two executables, one with the NX_COMPAT set and another without
- shim-signed package: changes to choose which shim to install:
+ existing installation will get non-NX shim on package upgrades
+ new installations will get the NX shim
Code has already been tested and is available in the following repositories:
- https://code.launchpad.net/~ubuntu-uefi-team/+git/shim/+ref/master
- https://code.launchpad.net/~ubuntu-uefi-team/+git/shim-signed/+ref/master
Testing in the above context means that both shims have been verified
to boot correctly, with additional testing for the shim installation
mechanism, and additional testing for the NX shim under the Microsoft
Mu firmware that has an NX enforcing mode.
Usable self-signed test builds of the new shims can be found in my nx-
testing PPA https://launchpad.net/~mkukri/+archive/ubuntu/nx-testing,
with the real shim for MS submission having been built in the usual
place at https://launchpad.net/~ubuntu-uefi-
team/+archive/ubuntu/build.
The shim-review required for MS submission is under internal review,
then we will submit the shim-review to the community, and the shim
afterwards for MS signing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/2076227/+subscriptions
More information about the foundations-bugs
mailing list