group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1921134] Re: SBAT shim 15.4 release

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1921134@xxxxxxxxxxxxxxxxxx>
Date: Tue, 07 Sep 2021 08:20:35 -0000
Reply-to: Bug 1921134 <1921134@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
This bug was fixed in the package shim-signed - 1.37~18.04.10

---------------
shim-signed (1.37~18.04.10) bionic; urgency=medium

  * Remove unnecessary efitools dependency that prevented build on arm64

shim-signed (1.37~18.04.9) bionic; urgency=medium

  * New upstream release 15.4.  LP: #1921134
  * Synchronize packaging with 1.50, summary
    - Update packaging to pull fb and mm from shim-signed package as in
      later releases, dropping the runtime dependency on shim.
    - Add download-signed script from linux-signed package
    - Include reworked Makefile from devel to better assert the integrity of
      the executables.
    - Dual-signed shim
    - Set XB-Important: yes on shim-signed package so that it cannot be
      removed by accident (LP: #1898729)
    - download-signed: Fetch signed artefacts from versioned URL instead
      of current/ symlink to work around caching (LP: #1936640)
  * Update to shim 15.4-0ubuntu5:
    - Stop addending vendor dbx to MokListXRT during MokListX mirroring. This
      is causing systems to run out of EFI storage space, or just hang up
      when trying to write it (LP: #1924605) (LP: #1928434)
    - Further relax the check for variable mirroring on non-secureboot systems
      avoiding boot failures on out of space conditons (pull request #372)
    - Don't unhook ExitBootServices() when EBS protection is disabled
      (LP: #1931136) (pull request #378)
  * Update to shim 15.4-0ubuntu7:
    - Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379)
    - Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383)
    - Fix accidental deletion of RT variables (LP: #1934506) (PR #387)
    - mok: relax the maximum variable size check (LP: #1934780) (PR #369)

 -- Julian Andres Klode <juliank@xxxxxxxxxx>  Mon, 19 Jul 2021 17:01:19
+0200

** Changed in: shim-signed (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1921134

Title:
  SBAT shim 15.4 release

Status in OEM Priority Project:
  Confirmed
Status in shim package in Ubuntu:
  Fix Released
Status in shim-signed package in Ubuntu:
  Fix Released
Status in shim-signed source package in Xenial:
  Fix Released
Status in shim-signed source package in Bionic:
  Fix Released
Status in shim-signed source package in Focal:
  Fix Released
Status in shim-signed source package in Hirsute:
  Fix Released

Bug description:
  [Impact]

   * New upstream shim release 15.4
   * It includes and enforces SBAT validation

  [Test Plan]

   * https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan

  [Where problems could occur]

   * Upgrading to new shim, without upgrading to the new grub with sbat
  will fail to boot, as grub must include SBAT section.

   * Upgrading to new shim, without upgrading to the new fwupdate with
  sbat will fail to boot, as fwupdate must include SBAT section.

  [Other Info]

   * All patches are dropped, as all got included in the v15.3 upstream release
   * Embedded ephemeral shim certificate is now gone, and archive key is used to sign fb/mm
   * Vendor DBX is included that revokes Boothole & ACPI-bypass vulnerable grubs and shims
   * This upload obsoletes shim-signed-canonical package

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1921134/+subscriptions