[Bug 1921539] Re: Add support for SBAT

Mario Limonciello 1921539 at bugs.launchpad.net
Fri Apr 16 18:20:11 UTC 2021


@ycheng-twn:

In your groovy tests, from one run to another, was secure boot on from the
moment you initiated the FW update?  Or did you just turn it on after
the reboot and pick "Linux Firmware Updater" entry?

I ask because fwupd will examine the state of secure boot at the time
the update is attempted from within Ubuntu.  If it's off, the non-signed
UEFI binary is placed on the ESP.  If it's on at that time, the signed
binary is placed on the ESP.  If you subverted the flow by changing
secure boot "in-between" that could be the reason for the failure with
SB on.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1921539

Title:
  Add support for SBAT

Status in OEM Priority Project:
  Confirmed
Status in fwupd package in Ubuntu:
  Fix Released
Status in fwupd-signed package in Ubuntu:
  Fix Released
Status in fwupd source package in Bionic:
  In Progress
Status in fwupd-signed source package in Bionic:
  In Progress
Status in fwupd source package in Focal:
  In Progress
Status in fwupd-signed source package in Focal:
  In Progress
Status in fwupd source package in Groovy:
  Fix Committed
Status in fwupd-signed source package in Groovy:
  Fix Committed
Status in fwupd source package in Hirsute:
  Fix Released
Status in fwupd-signed source package in Hirsute:
  Fix Released

Bug description:
  [Impact]
  Future releases of shim will require that EFI binaries that are chainloaded include an SBAT region.  fwupd in bionic does not currently contain this region.

  [Test Case]
  Verify that a shim that checks for sbat region can boot the fwupd with sbat region.

  [Regression Potential]
  This is moving to a new stable release in each of the series which is in bug fix only mode.  The sbat region is the only "feature" that has been backported to this series in over a year.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions
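
An added example, not part of the original message and not code from fwupd or shim: a Python sketch of the check behind the test case above, reading a PE/EFI image's section table to see whether it carries a `.sbat` section and which component generations it declares. The helper names, the sample image, and the `fwupd` row's field values are constructed for illustration.

```python
import csv
import struct

# Constructed sample SBAT data; the fwupd row's fields are placeholders.
SAMPLE_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "fwupd,1,Example Vendor,fwupd,0.0,https://example.invalid/fwupd\n"
)

def read_sbat(pe: bytes):
    """Return the CSV rows of the .sbat section, or None if there is none."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, opt_size = struct.unpack_from("<H12xH", pe, pe_off + 6)
    table = pe_off + 24 + opt_size          # section table follows the optional header
    for entry in range(table, table + 40 * n_sections, 40):
        name = pe[entry:entry + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<2I", pe, entry + 16)
        if name == b".sbat":
            if raw_ptr + raw_size > len(pe):
                raise ValueError("truncated .sbat section")
            text = pe[raw_ptr:raw_ptr + raw_size].rstrip(b"\0").decode("utf-8")
            return [row for row in csv.reader(text.splitlines()) if row]
    return None

def generations(rows):  # component name -> generation, the value shim compares
    return {row[0]: int(row[1]) for row in rows}

def build_sample_image(sbat_text):
    """Constructed PE-shaped test image (headers and sections only, not bootable)."""
    sections = [(b".text", b"\xc3")]
    if sbat_text is not None:
        sections.append((b".sbat", sbat_text.encode()))
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0)
    data_off = 0x40 + len(coff) + 40 * len(sections)
    table = body = b""
    for name, data in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<4I", len(data), 0, len(data), data_off + len(body)) + b"\0" * 16
        body += data
    return dos + coff + table + body

if __name__ == "__main__":
    for text in (SAMPLE_SBAT, None):
        print(read_sbat(build_sample_image(text)))
```

To inspect a real binary, pass the file's bytes to `read_sbat`; a result of `None` means the image has no `.sbat` section.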


