[Bug 2076929] Re: [SRU] Rebuild cd-boot-images-{amd64, arm64} against new shim

Christian Ehrhardt  2076929 at bugs.launchpad.net
Fri Aug 30 12:05:48 UTC 2024 

Thanks for the clarifying MM/IRC discussions Mate!
The case is indeed clear once one cleared the view of all the different grub* things that play into this and are much more clear to you than to anyone just coming by :-).

To summarize my understanding:

- bug 2043084 brought us
  - https://launchpad.net/ubuntu/+source/grub2-unsigned/2.06-2ubuntu14.5
  - https://launchpad.net/ubuntu/+source/grub2-signed/1.187.8
  - into jammy-proposed
  - Fully verifying these takes a while
  - It is non-crticial and can wait

- Now we need to quickly rebuild images against shim 15.8
  - The binaries mentioned above in -proposed block that
  - Mate drives both activities
  - He is ok to reset his bug 2043084 to unblock this more urgent one

- After this is done, bug 2043084 can re-enter proposed.
  - Mate will upload again for doing so when the time is right

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cd-boot-images-arm64 in Ubuntu.
https://bugs.launchpad.net/bugs/2076929

Title:
  [SRU] Rebuild cd-boot-images-{amd64,arm64} against new shim

Status in cd-boot-images-amd64 package in Ubuntu:
  Confirmed
Status in cd-boot-images-arm64 package in Ubuntu:
  Confirmed
Status in cd-boot-images-amd64 source package in Jammy:
  Fix Committed
Status in cd-boot-images-arm64 source package in Jammy:
  Fix Committed

Bug description:
  [ Impact ]

   * Microsoft is rolling out SBAT revocations via Windows update such that
     single-boot machines with Windows won't be able to boot shim executables
     with SBAT level less than shim,4.

   * For the 22.04.5 media we would like to include the 15.8 shim so that
     it is bootable on such machines.

  [ Test Plan ]

   * Ensure that the resulting cd-boot images contain our 15.8-0ubuntu1 MS UEFI
     CA signed shim executable.

  [ Where problems could occur ]

   * Impact is limited to media built using the new cd-boot images which will go
     through the usual rigorous QA process.

   * The shim and grub that will be used as part of this process will be in the Jammy
     archive before being part of media.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cd-boot-images-amd64/+bug/2076929/+subscriptions

More information about the foundations-bugs mailing list