[Bug 1637290] Re: Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 shim binary from Microsoft

Mathieu Trudel-Lapierre mathieu.tl at gmail.com
Mon Nov 21 17:44:23 UTC 2016 

** Tags removed: verification-failed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1637290

Title:
  Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 shim binary from
  Microsoft

Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2-signed package in Ubuntu:
  Fix Released
Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in shim package in Ubuntu:
  Fix Released
Status in shim-signed package in Ubuntu:
  Fix Released
Status in grub2 source package in Precise:
  New
Status in grub2-signed source package in Precise:
  New
Status in livecd-rootfs source package in Precise:
  Invalid
Status in shim source package in Precise:
  New
Status in shim-signed source package in Precise:
  New
Status in grub2 source package in Trusty:
  Fix Committed
Status in grub2-signed source package in Trusty:
  Fix Committed
Status in livecd-rootfs source package in Trusty:
  Invalid
Status in shim source package in Trusty:
  New
Status in shim-signed source package in Trusty:
  Fix Committed
Status in grub2 source package in Xenial:
  Fix Committed
Status in grub2-signed source package in Xenial:
  Fix Committed
Status in livecd-rootfs source package in Xenial:
  Triaged
Status in shim source package in Xenial:
  New
Status in shim-signed source package in Xenial:
  Fix Committed
Status in grub2 source package in Yakkety:
  Fix Committed
Status in grub2-signed source package in Yakkety:
  Fix Committed
Status in livecd-rootfs source package in Yakkety:
  Fix Committed
Status in shim source package in Yakkety:
  New
Status in shim-signed source package in Yakkety:
  Fix Committed

Bug description:
  [Impact]
  We might want to boot securely one of these days.

  [Test case]
  1) Upgrading
  - Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system.
  - Verify that the new shimx64.efi file is under /boot/efi/EFI/ubuntu, along with mmx64.efi and fbx64.efi.
  - Verify that /boot/efi/EFI/ubuntu/MokManager.efi no longer exists.
  - Verify that trying to apt install grub alone, or apt install shim alone, pulls in the correct matching versions of packages and gives the same results.

  2) Booting normally
  - Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system, with Secure Boot enabled.
  - Verify it boots successfully to the login prompt.
  - There should be no messages about "Verification failure" or other errors before the kernel is loaded.

  3) Network boot.
  - Update to shim signed and grub2 signed EFI binaries on the TFTP server used.
  - Verify that a network booting system still boots normally through shim and grub, reaching a login prompt.

  4) BootEntry options
  - Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system.
  - Update or install fwupdate.
  - Verify that new updates can be applied via fwupdate, that when an update is available, fwupdate will correctly start, apply the update, and reboot to shim normally, leading to a working system.

  5) live builds
  - confirm that the new version of livecd-rootfs has been published to -updates first, and that a daily build of the UEFI-enabled cloud images succeeds with the new shim filenames.

  [Regression Potential]
  Any failure to load the kernel from grub, or for shim to load grub, or for the system firmware to load shim (such as "Verification failure" messages) or failure to retrieve or parse BootEntry extended options (such as necessary to load MokManager or fwupdate) should be considered regressions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1637290/+subscriptions

More information about the foundations-bugs mailing list