[Bug 1063061] Re: please backport support for EFI vars > 1KB

Steve Langasek steve.langasek at canonical.com
Thu Nov 8 08:35:47 UTC 2012 

** Description changed:

+ [Impact]
+ This is needed for full hardware enablement of 12.04 on SecureBoot systems.  Without this change, management of the SecureBoot revocation database is not possible from Ubuntu userspace (at least, not out of the box).
+ 
+ [Test Case]
+ On EFI-enabled hardware:
+ 1. verify that /sys/firmware/efi/efivars is not mounted at boot time.
+ 2. install both the linux quantal enablement kernel and mountall from proposed.
+ 3. reboot.
+ 4. verify that /sys/firmware/efi/efivars is now mounted.
+ 
+ [Regression potential]
+ Minimal; as this uses mountall's notion of 'optional' filesystems, the filesystem will simply be skipped if the mountpoint does not exist or the filesystem is not supported by the running kernel.
+ 
  As of Linux 3.5, it is not possible to update the SecureBoot database
  from userspace because the sysfs implementation only supports variable
  data up to 1KB in size and this is exceeded by even a minimum key
  database of one key.
  
  Matt Fleming has accepted a patch from Matthew Garrett to add a new
  filesystem that supports larger variables.  Please consider backporting
  this (as an SRU) to both quantal and precise.
  
-    https://lkml.org/lkml/2012/10/5/22
+    https://lkml.org/lkml/2012/10/5/22

** Description changed:

  [Impact]
  This is needed for full hardware enablement of 12.04 on SecureBoot systems.  Without this change, management of the SecureBoot revocation database is not possible from Ubuntu userspace (at least, not out of the box).
  
  [Test Case]
  On EFI-enabled hardware:
  1. verify that /sys/firmware/efi/efivars is not mounted at boot time.
- 2. install both the linux quantal enablement kernel and mountall from proposed.
+ 2. install both linux-image-generic-lts-quantal and mountall from proposed.
  3. reboot.
  4. verify that /sys/firmware/efi/efivars is now mounted.
  
  [Regression potential]
  Minimal; as this uses mountall's notion of 'optional' filesystems, the filesystem will simply be skipped if the mountpoint does not exist or the filesystem is not supported by the running kernel.
  
  As of Linux 3.5, it is not possible to update the SecureBoot database
  from userspace because the sysfs implementation only supports variable
  data up to 1KB in size and this is exceeded by even a minimum key
  database of one key.
  
  Matt Fleming has accepted a patch from Matthew Garrett to add a new
  filesystem that supports larger variables.  Please consider backporting
  this (as an SRU) to both quantal and precise.
  
     https://lkml.org/lkml/2012/10/5/22

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1063061

Title:
  please backport support for EFI vars > 1KB

Status in “linux” package in Ubuntu:
  Fix Committed
Status in “mountall” package in Ubuntu:
  Fix Released
Status in “sbsigntool” package in Ubuntu:
  Fix Released
Status in “linux” source package in Precise:
  Triaged
Status in “mountall” source package in Precise:
  Triaged
Status in “sbsigntool” source package in Precise:
  Invalid
Status in “linux” source package in Quantal:
  Fix Released
Status in “mountall” source package in Quantal:
  Fix Released
Status in “sbsigntool” source package in Quantal:
  Fix Released

Bug description:
  [Impact]
  This is needed for full hardware enablement of 12.04 on SecureBoot systems.  Without this change, management of the SecureBoot revocation database is not possible from Ubuntu userspace (at least, not out of the box).

  [Test Case]
  On EFI-enabled hardware:
  1. verify that /sys/firmware/efi/efivars is not mounted at boot time.
  2. install both linux-image-generic-lts-quantal and mountall from proposed.
  3. reboot.
  4. verify that /sys/firmware/efi/efivars is now mounted.

  [Regression potential]
  Minimal; as this uses mountall's notion of 'optional' filesystems, the filesystem will simply be skipped if the mountpoint does not exist or the filesystem is not supported by the running kernel.

  As of Linux 3.5, it is not possible to update the SecureBoot database
  from userspace because the sysfs implementation only supports variable
  data up to 1KB in size and this is exceeded by even a minimum key
  database of one key.

  Matt Fleming has accepted a patch from Matthew Garrett to add a new
  filesystem that supports larger variables.  Please consider
  backporting this (as an SRU) to both quantal and precise.

     https://lkml.org/lkml/2012/10/5/22

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1063061/+subscriptions

More information about the foundations-bugs mailing list