[Bug 2076227] Re: shim(-signed) NX support feature freeze exception request

Mate Kukri 2076227 at bugs.launchpad.net
Thu Oct 3 07:41:26 UTC 2024 

** Changed in: shim (Ubuntu Oracular)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2076227

Title:
  shim(-signed) NX  support feature freeze exception request

Status in cd-boot-images-amd64 package in Ubuntu:
  Fix Released
Status in cd-boot-images-arm64 package in Ubuntu:
  Fix Released
Status in shim package in Ubuntu:
  Fix Released
Status in shim-signed package in Ubuntu:
  Fix Released
Status in cd-boot-images-amd64 source package in Oracular:
  Fix Released
Status in cd-boot-images-arm64 source package in Oracular:
  Fix Released
Status in shim source package in Oracular:
  Fix Released
Status in shim-signed source package in Oracular:
  Fix Released

Bug description:
  This is a high priority feature Canonical was developing during the
  Oracular Oriole cycle.

  The GRUB piece has already hit the archive before FF as 2.12-1ubuntu9
  (with 2.12-5ubuntu1 under review), but asking for an exception on the
  shim pieces due to Microsoft signing being required.

  The following changes are being made:
  - shim package: effectively identical upstream source, with minor changes to produce two executables, one with the NX_COMPAT set and another without
  - shim-signed package: changes to choose which shim to install:
    + existing installation will get non-NX shim on package upgrades
    + new installations will get the NX shim

  Code has already been tested and is available in the following repositories:
  - https://code.launchpad.net/~ubuntu-uefi-team/+git/shim/+ref/master
  - https://code.launchpad.net/~ubuntu-uefi-team/+git/shim-signed/+ref/master

  Testing in the above context means that both shims have been verified
  to boot correctly, with additional testing for the shim installation
  mechanism, and additional testing for the NX shim under the Microsoft
  Mu firmware that has an NX enforcing mode.

  Usable self-signed test builds of the new shims can be found in my nx-
  testing PPA https://launchpad.net/~mkukri/+archive/ubuntu/nx-testing,
  with the real shim for MS submission having been built in the usual
  place at https://launchpad.net/~ubuntu-uefi-
  team/+archive/ubuntu/build.

  The shim-review required for MS submission is under internal review,
  then we will submit the shim-review to  the community, and the shim
  afterwards for MS signing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cd-boot-images-amd64/+bug/2076227/+subscriptions

More information about the foundations-bugs mailing list