[Bug 1797011] Please test proposed package

Tue Nov 6 15:59:48 UTC 2018

Hello Mathieu, or anyone else affected,

Accepted mokutil into trusty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/mokutil/0.3.0+1538710437.fb6250f-
0ubuntu2~14.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-trusty to verification-done-trusty. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-trusty. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mokutil in Ubuntu.
Matching subscriptions: mokutil-bugs
https://bugs.launchpad.net/bugs/1797011

Title:
  [FFE] Update mokutil to fb6250f2

Status in mokutil package in Ubuntu:
  Fix Released
Status in mokutil source package in Trusty:
  Fix Committed
Status in mokutil source package in Xenial:
  Fix Committed
Status in mokutil source package in Bionic:
  Fix Released

Bug description:
  [Impact]
  Potentially any Ubuntu users on UEFI systems; as mokutil is used to control from the userland the behavior of Secure Boot via shim.

  New features have been introduced in mokutil that we'll want to make
  use of in supported releases along with the new shim updates:

   - Better control of timeout for the MokManager prompts
   - Exporting PK, KEK, DB, MOK keys to be used to streamline upgrades and avoid failing upgrades when custom-signed kernels are in use.

  [Test case]

  == Disabling timeout ==
  1) Run 'sudo mokutil --timeout -1'.
  2) Run 'sudo mokutil --reset' (or another command that requires user interaction in MokManager)
  2) On reboot, validate that MokManager does not show a timeout screen, and instead immediately stops at the menu.

  == Changing timeout ==
  1) Run 'sudo mokutil --timeout 666'.
  2) Run 'sudo mokutil --reset' (or another command that requires user interaction in MokManager)
  2) On reboot, validate that MokManager shows a timer of 666 seconds before continuing to reboot, waiting for user input.

  == Exporting keys ==
  1) Run 'sudo mokutil --export --db'; 'sudo mokutil --export --kek', etc.
  2) Validate that mokutil allows exporting the contents of DB, KEK, etc.

  [Regression potential]
  This affects the userland tool used to communicate tasks to have done by MokManager at early boot. As such, any failure to enroll certificates, to disable validation in shim, to export keys or list keys should be investigated as possible regressions caused by this update.

  ---

  Update mokutil to a git snapshot of fb6250f2.

  Changes since cca7219 (current git snapshot in cosmic):

  fb6250f Update TODO
  af2387a Rename export_moks as export_db_keys
  4efbb0e Add support for exporting other keys
  f0217e5 add new --mok argument
  73c045b set list-enrolled command as default for some arguments
  382ba20 Add more info to --sb-state: show when we're in SetupMode or with shim validation disabled
  303ee33 Correct help: --set-timeout is really --timeout
  385a7dd generate_hash() / generate_pw_hash(): don't use strlen() for strncpy bounds
  c8b26c2 Add the type casting to silence the warning

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mokutil/+bug/1797011/+subscriptions