[Bug 1921539] Re: Add support for SBAT
Steve Langasek
1921539 at bugs.launchpad.net
Mon Aug 30 19:36:49 UTC 2021
> if we do want to support secure boot on bionic
Yes, this is non-negotiable. In fact, publication of the updated shim
to bionic has been held up because of concerns over regressing fwupd-
signed, which exists specifically *for* support under SecureBoot.
So, I'm going to mark this verification-failed since the sbat section is
missing.
Please upload a fixed fwupd package with sbat support ASAP so that we
can land the updated shim.
** Changed in: fwupd-signed (Ubuntu Focal)
Status: Fix Committed => Fix Released
** Tags removed: verification-needed-bionic
** Tags added: verification-failed-bionic
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1921539
Title:
Add support for SBAT
Status in OEM Priority Project:
In Progress
Status in fwupd package in Ubuntu:
Fix Released
Status in fwupd-signed package in Ubuntu:
Fix Released
Status in fwupd source package in Bionic:
Fix Committed
Status in fwupd-signed source package in Bionic:
Fix Committed
Status in fwupd source package in Focal:
Fix Released
Status in fwupd-signed source package in Focal:
Fix Released
Status in fwupd source package in Groovy:
Fix Released
Status in fwupd-signed source package in Groovy:
Fix Released
Status in fwupd source package in Hirsute:
Fix Released
Status in fwupd-signed source package in Hirsute:
Fix Released
Bug description:
[Impact]
Future releases of shim will require that EFI binaries that are chainloaded include an SBAT region. fwupd in bionic does not currently contain this region.
[Test Case]
Verify that a shim that checks for sbat region can boot the fwupd with sbat region.
[Regression Potential]
This is moving to a new stable release in each of the series which is in bug fix only mode. The sbat region is the only "feature" that has been backported to this series in over a year.
To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions
More information about the foundations-bugs
mailing list