[ubuntu/focal-security] edk2 0~20191122.bd85bf54-2ubuntu3.5 (Accepted)

[Mark Esler]

edk2 (0~20191122.bd85bf54-2ubuntu3.5) focal; urgency=medium

  * Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733.
    Thanks to Mate Kukri. LP: #2040137.
    - Backport support for GetSetupMode() and IsSecureBootEnabled():
      + 0001-SecurityPkg-Create-SecureBootVariableLib.patch
      + 0002-ArmVirtPkg-add-SecureBootVariableLib-class-resolutio.patch
      + 0003-OvmfPkg-add-SecureBootVariableLib-class-resolution.patch
      + 0004-SecurityPkg-SecureBootVariableLib-Added-newly-suppor.patch
      + 0005-EmulatorPkg-add-SecureBootVariableLib-class-resoluti.patch
    - Disable the built-in Shell when SecureBoot is enabled:
      + Disable-the-Shell-when-SecureBoot-is-enabled.patch

edk2 (0~20191122.bd85bf54-2ubuntu3.4) focal; urgency=medium

  [ dann frazier ]
  * Provide 4MB OVMF images: The existing 2MB images no longer
    have sufficient variable space for the current Secure Boot
    Forbidden Signature Database. (LP: #1885662)
    - Convert targets for pre-enrolled variable template images
      into pattern rules. This will be useful for adding additional
      pre-enrolled variable templates.
    - Update fw descriptors to reference 4M images instead of their
      2M counterparts. This will migrate tools that use the descriptor
      interface (like libvirt) over to the 4M images when creating new
      VMs. Existing 2M VMs will require manual migration.
  * Increase autopkgtest timeout from 30s to 60s. (LP: #1885186)

  [ Mustafa Kemal Gilor ]
  * Added autopkg tests for 4MB OVMF images. (LP: #1885662)

Date: 2024-02-14 01:05:10.390518+00:00
Changed-By: dann frazier <dann.frazier at canonical.com>
Signed-By: Mark Esler <mark.esler at canonical.com>
https://launchpad.net/ubuntu/+source/edk2/0~20191122.bd85bf54-2ubuntu3.5
-------------- next part --------------
Sorry, changesfile not available.