[Bug 2110302] Re: nullboot 0.5.3 SRUs
Mate Kukri
2110302 at bugs.launchpad.net
Mon Sep 8 15:41:30 UTC 2025
** Description changed:
[Impact]
new upstream release; usual vendored dependency updates per Go MIR policy (vendor/ directory is automatically generated by go mod vendor based on go.mod).
Targeted releases: noble, jammy
[Test plan]
* Test suite passes
* Deploy Azure CVM and TPM FDE
* Upgrade to this new package and reboot
* Boot should be successful
* Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)
* CPC - build new image with nullboot preinstalled, and attempt to
register and boot such an images as first time.
We have set block-proposed to allow testing in {noble,jammy}-proposed to
be carried out before migration to release pockets.
[Where problems could occur]
Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key.
NOTE: this bug follows precedent set by
https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2061754
+
+ [Additional information]
+ * Added the ability to fetch shim from previous nullboot to allow rebuilds against old shim on shim update (to avoid breakage if e-c-i wasnt updated)
+ * Set disable CGo envvar because nullboot does not use any Cgo things.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nullboot in Ubuntu.
https://bugs.launchpad.net/bugs/2110302
Title:
nullboot 0.5.3 SRUs
Status in nullboot package in Ubuntu:
Invalid
Status in nullboot source package in Jammy:
New
Status in nullboot source package in Noble:
New
Bug description:
[Impact]
new upstream release; usual vendored dependency updates per Go MIR policy (vendor/ directory is automatically generated by go mod vendor based on go.mod).
Targeted releases: noble, jammy
[Test plan]
* Test suite passes
* Deploy Azure CVM and TPM FDE
* Upgrade to this new package and reboot
* Boot should be successful
* Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)
* CPC - build new image with nullboot preinstalled, and attempt to
register and boot such an images as first time.
We have set block-proposed to allow testing in {noble,jammy}-proposed
to be carried out before migration to release pockets.
[Where problems could occur]
Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key.
NOTE: this bug follows precedent set by
https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2061754
[Additional information]
* Added the ability to fetch shim from previous nullboot to allow rebuilds against old shim on shim update (to avoid breakage if e-c-i wasnt updated)
* Set disable CGo envvar because nullboot does not use any Cgo things.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2110302/+subscriptions
More information about the foundations-bugs
mailing list