[Bug 1063061] Re: please backport support for EFI vars > 1KB
Steve Langasek
steve.langasek at canonical.com
Thu Nov 8 08:35:47 UTC 2012
** Description changed:
+ [Impact]
+ This is needed for full hardware enablement of 12.04 on SecureBoot systems. Without this change, management of the SecureBoot revocation database is not possible from Ubuntu userspace (at least, not out of the box).
+
+ [Test Case]
+ On EFI-enabled hardware:
+ 1. verify that /sys/firmware/efi/efivars is not mounted at boot time.
+ 2. install both the linux quantal enablement kernel and mountall from proposed.
+ 3. reboot.
+ 4. verify that /sys/firmware/efi/efivars is now mounted.
+
+ [Regression potential]
+ Minimal; as this uses mountall's notion of 'optional' filesystems, the filesystem will simply be skipped if the mountpoint does not exist or the filesystem is not supported by the running kernel.
+
As of Linux 3.5, it is not possible to update the SecureBoot database
from userspace because the sysfs implementation only supports variable
data up to 1KB in size and this is exceeded by even a minimum key
database of one key.
Matt Fleming has accepted a patch from Matthew Garrett to add a new
filesystem that supports larger variables. Please consider backporting
this (as an SRU) to both quantal and precise.
- https://lkml.org/lkml/2012/10/5/22
+ https://lkml.org/lkml/2012/10/5/22
** Description changed:
[Impact]
This is needed for full hardware enablement of 12.04 on SecureBoot systems. Without this change, management of the SecureBoot revocation database is not possible from Ubuntu userspace (at least, not out of the box).
[Test Case]
On EFI-enabled hardware:
1. verify that /sys/firmware/efi/efivars is not mounted at boot time.
- 2. install both the linux quantal enablement kernel and mountall from proposed.
+ 2. install both linux-image-generic-lts-quantal and mountall from proposed.
3. reboot.
4. verify that /sys/firmware/efi/efivars is now mounted.
[Regression potential]
Minimal; as this uses mountall's notion of 'optional' filesystems, the filesystem will simply be skipped if the mountpoint does not exist or the filesystem is not supported by the running kernel.
As of Linux 3.5, it is not possible to update the SecureBoot database
from userspace because the sysfs implementation only supports variable
data up to 1KB in size and this is exceeded by even a minimum key
database of one key.
Matt Fleming has accepted a patch from Matthew Garrett to add a new
filesystem that supports larger variables. Please consider backporting
this (as an SRU) to both quantal and precise.
https://lkml.org/lkml/2012/10/5/22
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1063061
Title:
please backport support for EFI vars > 1KB
Status in “linux” package in Ubuntu:
Fix Committed
Status in “mountall” package in Ubuntu:
Fix Released
Status in “sbsigntool” package in Ubuntu:
Fix Released
Status in “linux” source package in Precise:
Triaged
Status in “mountall” source package in Precise:
Triaged
Status in “sbsigntool” source package in Precise:
Invalid
Status in “linux” source package in Quantal:
Fix Released
Status in “mountall” source package in Quantal:
Fix Released
Status in “sbsigntool” source package in Quantal:
Fix Released
Bug description:
[Impact]
This is needed for full hardware enablement of 12.04 on SecureBoot systems. Without this change, management of the SecureBoot revocation database is not possible from Ubuntu userspace (at least, not out of the box).
[Test Case]
On EFI-enabled hardware:
1. verify that /sys/firmware/efi/efivars is not mounted at boot time.
2. install both linux-image-generic-lts-quantal and mountall from proposed.
3. reboot.
4. verify that /sys/firmware/efi/efivars is now mounted.
[Regression potential]
Minimal; as this uses mountall's notion of 'optional' filesystems, the filesystem will simply be skipped if the mountpoint does not exist or the filesystem is not supported by the running kernel.
As of Linux 3.5, it is not possible to update the SecureBoot database
from userspace because the sysfs implementation only supports variable
data up to 1KB in size and this is exceeded by even a minimum key
database of one key.
Matt Fleming has accepted a patch from Matthew Garrett to add a new
filesystem that supports larger variables. Please consider
backporting this (as an SRU) to both quantal and precise.
https://lkml.org/lkml/2012/10/5/22
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1063061/+subscriptions
More information about the foundations-bugs
mailing list