group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1689687] Re: pass validation if shim protocol is not installed

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Mathieu Trudel-Lapierre <mathieu.tl@xxxxxxxxx>
Date: Wed, 07 Jun 2017 17:27:58 -0000
Reply-to: Bug 1689687 <1689687@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

grub2 (2.02~beta3-4ubuntu4) artful; urgency=medium

  * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream
    SB patch set:
    - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its
      chainloader.
    - linuxefi_fix_validation_race.patch: Fix a race in validating images.
    - linuxefi_chainloader_path.patch: honor the starting path for grub, so
      images do not need to be started from $root.
    - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use
      when Secure Boot is enabled.
    - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all
      loaders: don't load the commands when Secure Boot is enabled.
    - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and
      initrd commands to automatically hand-off to linuxefi/initrdefi; re-
      enable the linux loader.
    - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading
      "special" PE images, such as Windows'.
    - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is
      disabled or shim validation is disabled so loading works as EFI binaries
      when it is supposed to.
    - Removed linuxefi_require_shim.patch; superseded by the above.

** Changed in: grub2 (Ubuntu Artful)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1689687

Title:
  pass validation if shim protocol is not installed

Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2 source package in Xenial:
  New
Status in grub2 source package in Yakkety:
  New
Status in grub2 source package in Zesty:
  New
Status in grub2 source package in Artful:
  Fix Released

Bug description:
  GRUB currently fails SecureBoot validation (ie. calls to
  grub_linuxefi_secure_validate() fail) if shim's protocol is not
  installed when that function is called.

  This currently breaks some kernel features relying on starting in the
  EFI stub code (ie. the kernel being loaded as an EFI binary); and
  instead falls back to the 'linux' command instead of 'linuxefi'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1689687/+subscriptions

References

[Bug 1689687] [NEW] pass validation if shim protocol is not installed
From: Mathieu Trudel-Lapierre, 2017-05-10