[Bug 2076227] Re: shim(-signed) NX support feature freeze exception request

Ɓukasz Zemczak 2076227 at bugs.launchpad.net
Thu Sep 26 08:27:48 UTC 2024 

It is late, and post Beta - which is unfortunate. However, I still feel
it makes sense to get it into oracular. I discussed this with Mate
earlier and the good part about this is that it should be easily
revertible in case we notice issues.

Let's proceed, but I would request doing lots of additional testing of
the dailies and keeping an eye out for reports.

** Changed in: shim-signed (Ubuntu)
       Status: New => Triaged

** Changed in: shim (Ubuntu)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2076227

Title:
  shim(-signed) NX  support feature freeze exception request

Status in shim package in Ubuntu:
  Triaged
Status in shim-signed package in Ubuntu:
  Triaged

Bug description:
  This is a high priority feature Canonical was developing during the
  Oracular Oriole cycle.

  The GRUB piece has already hit the archive before FF as 2.12-1ubuntu9
  (with 2.12-5ubuntu1 under review), but asking for an exception on the
  shim pieces due to Microsoft signing being required.

  The following changes are being made:
  - shim package: effectively identical upstream source, with minor changes to produce two executables, one with the NX_COMPAT set and another without
  - shim-signed package: changes to choose which shim to install:
    + existing installation will get non-NX shim on package upgrades
    + new installations will get the NX shim

  Code has already been tested and is available in the following repositories:
  - https://code.launchpad.net/~ubuntu-uefi-team/+git/shim/+ref/master
  - https://code.launchpad.net/~ubuntu-uefi-team/+git/shim-signed/+ref/master

  Testing in the above context means that both shims have been verified
  to boot correctly, with additional testing for the shim installation
  mechanism, and additional testing for the NX shim under the Microsoft
  Mu firmware that has an NX enforcing mode.

  Usable self-signed test builds of the new shims can be found in my nx-
  testing PPA https://launchpad.net/~mkukri/+archive/ubuntu/nx-testing,
  with the real shim for MS submission having been built in the usual
  place at https://launchpad.net/~ubuntu-uefi-
  team/+archive/ubuntu/build.

  The shim-review required for MS submission is under internal review,
  then we will submit the shim-review to  the community, and the shim
  afterwards for MS signing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/2076227/+subscriptions

More information about the foundations-bugs mailing list