group.of.nepali.translators team mailing list archive

[Mathieu Trudel-Lapierre <mathieu.tl@xxxxxxxxx>]

Public bug reported:

[Impact]
Since the implementation of UEFI Secure Boot in Ubuntu, there has been a large number of changes to the EFI patchset, handled "upstream" at https://github.com/vathpela/grub2-fedora/tree/sb. This is a complex set of enablement patches across a number of packages. Most of them will be fairly straightforward backports, but there are a few known warts:

 * The included patches are based on grub2 2.02~beta3; as such, some
patches require extra backporting effort of other pieces of the loader
code down to releases that do not yet include 2.02~beta3 code.

[Test Case]
The desktop, server, and alternate install images should all boot and install on an SB-enabled system. I would recommend testing installations from both a CD and a USB stick. After each installation, validate that Secure Boot is enabled by checking /sys/firmware/efi/efivars/SecureBoot-*, as well as /sys/firmware/efi/efivars/Mok* variables (for the cases where shim validation may be disabled).

Tests should include:
- booting with Secure Boot enabled
- booting with Secure Boot enabled, but shim validation disabled
- booting with Secure Boot disabled, but still in EFI mode

[Regression Potential]
Check that non-SB installations of all these images still work. For this, it is sufficient to test with either a CD or a USB stick, but not necessarily both.

** Affects: grub2 (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: grub2-signed (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: grub2 (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: grub2-signed (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: grub2 (Ubuntu Xenial)
     Importance: Undecided
         Status: New

** Affects: grub2-signed (Ubuntu Xenial)
     Importance: Undecided
         Status: New

** Affects: grub2 (Ubuntu Yakkety)
     Importance: Undecided
         Status: New

** Affects: grub2-signed (Ubuntu Yakkety)
     Importance: Undecided
         Status: New

** Affects: grub2 (Ubuntu Zesty)
     Importance: Undecided
         Status: New

** Affects: grub2-signed (Ubuntu Zesty)
     Importance: Undecided
         Status: New

** Affects: grub2 (Ubuntu Artful)
     Importance: Undecided
         Status: Fix Released

** Affects: grub2-signed (Ubuntu Artful)
     Importance: Undecided
         Status: Fix Released

** Also affects: grub2 (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Also affects: grub2 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: grub2 (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: grub2 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: grub2 (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Changed in: grub2 (Ubuntu Artful)
       Status: New => Fix Released

** Also affects: grub2-signed (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1696599

Title:
  backport/sync UEFI, Secure Boot support

Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2-signed package in Ubuntu:
  Fix Released
Status in grub2 source package in Trusty:
  New
Status in grub2-signed source package in Trusty:
  New
Status in grub2 source package in Xenial:
  New
Status in grub2-signed source package in Xenial:
  New
Status in grub2 source package in Yakkety:
  New
Status in grub2-signed source package in Yakkety:
  New
Status in grub2 source package in Zesty:
  New
Status in grub2-signed source package in Zesty:
  New
Status in grub2 source package in Artful:
  Fix Released
Status in grub2-signed source package in Artful:
  Fix Released

Bug description:
  [Impact]
  Since the implementation of UEFI Secure Boot in Ubuntu, there has been a large number of changes to the EFI patchset, handled "upstream" at https://github.com/vathpela/grub2-fedora/tree/sb. This is a complex set of enablement patches across a number of packages. Most of them will be fairly straightforward backports, but there are a few known warts:

   * The included patches are based on grub2 2.02~beta3; as such, some
  patches require extra backporting effort of other pieces of the loader
  code down to releases that do not yet include 2.02~beta3 code.

  [Test Case]
  The desktop, server, and alternate install images should all boot and install on an SB-enabled system. I would recommend testing installations from both a CD and a USB stick. After each installation, validate that Secure Boot is enabled by checking /sys/firmware/efi/efivars/SecureBoot-*, as well as /sys/firmware/efi/efivars/Mok* variables (for the cases where shim validation may be disabled).

  Tests should include:
  - booting with Secure Boot enabled
  - booting with Secure Boot enabled, but shim validation disabled
  - booting with Secure Boot disabled, but still in EFI mode

  [Regression Potential]
  Check that non-SB installations of all these images still work. For this, it is sufficient to test with either a CD or a USB stick, but not necessarily both.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1696599/+subscriptions