[Bug 1921539] Re: Add support for SBAT
Launchpad Bug Tracker
1921539 at bugs.launchpad.net
Mon Aug 2 13:40:57 UTC 2021
This bug was fixed in the package fwupd - 1.5.11-0ubuntu1~20.04.2
---------------
fwupd (1.5.11-0ubuntu1~20.04.2) focal; urgency=medium
* force to use libjcat >= 0.1.3, or signature verification will
failed.
fwupd (1.5.11-0ubuntu1~20.04.1) focal; urgency=medium
* New upstream version (1.5.11) to support Dell dock USB4 module.
(LP: #1934209)
* Drop all patches upstream.
* Downgrade libgusb from 0.3.5 to 0.3.4 which used in focal after
checking through all commits between.
fwupd (1.5.8-0ubuntu1) hirsute; urgency=medium
* New upstream version (1.5.8)
* Backport a patch to fix SBAT (LP: #1921539)
* Drop all other patches, upstream.
fwupd (1.5.7-3) unstable; urgency=medium
* Backport a patch to fix regression in fwupdtool activate
* Backport a patch to fix activatable devices getting stuck in an update loop
* Rebuild to pick up new signing keys.
fwupd (1.5.7-2) unstable; urgency=medium
* Backport a patch to fix FTBFS on armhf for SBAT
fwupd (1.5.7-1) unstable; urgency=medium
* New upstream version (1.5.7)
- Fixes issues with SBAT on UEFI.
* Fixes dependencies for -dev packages:
Closes: #980691, #980684
fwupd (1.5.6-1) unstable; urgency=medium
[ Steve McIntyre ]
* Fix up Uploaders for the -signed packages - remove Jared, add Matthias
[ Mario Limonciello ]
* New upstream version (1.5.6)
* drop all upstream patches
fwupd (1.5.5-2) unstable; urgency=medium
* fwupd.postinst: Adjust to read /etc/os-release instead of `/etc/lsb-
release`
fwupd (1.5.5-1) unstable; urgency=medium
* New upstream version (1.5.5)
* trivial: debian: migrate uefi->uefi_capsule in uefi.conf
* trivial: debian: fix modules-load.d directory
* trivial: debian: add dbus to recommends (Closes: #980049)
* Backport 2 patches for continual "Unknown" message on new connections
* trivial: debian: read /etc/lsb-release instead of dpkg-dev (Closes: #977860, #977861, #970783)
fwupd (1.5.3-2) unstable; urgency=medium
* trivial: debian: only install fwupd-msr.conf if needed
fwupd (1.5.3-1) unstable; urgency=medium
* New upstream version (1.5.3)
* Drop all patches (upstream)
* Follow defaults for nvme and redfish plugins (don't need efivar now)
* debian/control:
- Drop libsoup build dependency
- Add libcurl build dependency
- Add systemd build dependency
* Migrate debian/fwupd.preinst content to debian/fwupd.maintscript
fwupd (1.5.1-5) unstable; urgency=medium
* Backport patch to fix ppc64el autopkgtest failure
fwupd (1.5.1-4) unstable; urgency=medium
* trivial: debian: disable downloading from LVFS in autopkgtest
fwupd (1.5.1-3) unstable; urgency=medium
* Add breaks for fwupdate 12-7 (Closes: #960688)
* trivial: debian: add git to fwupdate-tests dependencies
fwupd (1.5.1-2) unstable; urgency=medium
[ Mario Limonciello ]
* Backport a patch to indicate if packages are supported or not
* backport a patch to fix autopkgtests on ppc64el
* trivial: debian: don't hardcode paths in libexec
* trivial: debian: disable msr plugin on all !x86
[ Jessica Clarke ]
* debian: Check DEB_HOST_ARCH_CPU not DEB_HOST_ARCH for MSR plugin
* debian: Prefer Makefile substitution over shell substitution
* debian: Use if/else rather than overriding default values
* debian: Drop pointless dh_shlibdeps override
* debian: Check for valgrind in Makefile not shell and don't hard-code path
* debian: Fix dangerous lack of set -e
* debian: Fix another instance of unusual ifeq syntax
* debian: Build up CONFARGS list rather than individual variables
* debian: Fix another dangerous missing set -e
* debian: Use uniform spacing around semicolons
* debian: Avoid looking like a set -e is missing
* debian: Remove unnecessary ./ use
* debian: Add quotes around glob
fwupd (1.5.1-1) unstable; urgency=medium
* New upstream version (1.5.1)
* Drop backported patches
fwupd (1.4.6-2) unstable; urgency=medium
* Add udisks2 to recommends
* Backport a patch to fix a crash when udisks2 is missing (Closes: #970054)
* Disable flashrom for ia64
fwupd (1.4.6-1) unstable; urgency=medium
* New upstream version (1.4.6)
fwupd (1.4.5-1) unstable; urgency=medium
* New upstream version (1.4.5)
* Drop flashrom patch, now upstream
* Regenerate control file
- Refresh dependencies for 1.4.x
- Drop Jared as uploader
fwupd (1.3.11-2) unstable; urgency=medium
* Stop generating debian/control automatically at build time
* Add build-dep on libflashrom-dev
-- Yuan-Chen Cheng <yc.cheng at canonical.com> Fri, 23 Jul 2021 15:14:53
+0800
** Changed in: fwupd (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1921539
Title:
Add support for SBAT
Status in OEM Priority Project:
In Progress
Status in fwupd package in Ubuntu:
Fix Released
Status in fwupd-signed package in Ubuntu:
Fix Released
Status in fwupd source package in Bionic:
In Progress
Status in fwupd-signed source package in Bionic:
In Progress
Status in fwupd source package in Focal:
Fix Released
Status in fwupd-signed source package in Focal:
Fix Committed
Status in fwupd source package in Groovy:
Fix Released
Status in fwupd-signed source package in Groovy:
Fix Released
Status in fwupd source package in Hirsute:
Fix Released
Status in fwupd-signed source package in Hirsute:
Fix Released
Bug description:
[Impact]
Future releases of shim will require that EFI binaries that are chainloaded include an SBAT region. fwupd in bionic does not currently contain this region.
[Test Case]
Verify that a shim that checks for sbat region can boot the fwupd with sbat region.
[Regression Potential]
This is moving to a new stable release in each of the series which is in bug fix only mode. The sbat region is the only "feature" that has been backported to this series in over a year.
To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions
More information about the foundations-bugs
mailing list