[ubuntu/kinetic-updates] shim 15.7-0ubuntu1 (Accepted)
Łukasz Zemczak
lukasz.zemczak at canonical.com
Thu Feb 16 10:47:58 UTC 2023
shim (15.7-0ubuntu1) kinetic; urgency=medium
* New upstream version 15.7 (LP: #1996503), highlights:
- Enable TDX measurements (LP: #1995852)
- Flush the memory region from i-cache before execution (LP: #1987541)
- Introspectable SBAT payload for TPM resealing efforts
- Don't measure MokListTrusted to PCR7
- SBAT level: shim,3
- SBAT policy bumped to for grub,2 in previous and grub,3 in latest:
SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n"
Note that shim requirement was not bumped as shim,2 shims are not
commonly available yet.
* SECURITY FIX: Buffer overflow when loading crafted EFI images.
- CVE-2022-28737
* Rebase patches, only ubuntu-no-addend-vendor-dbx.patch remains
* Import 20221103 Canonical vendor dbx.
This vendor dbx revokes all certificates that have been used
so far.
- CN = Canonical Ltd. Secure Boot Signing
- CN = Canonical Ltd. Secure Boot Signing (2017)
- CN = Canonical Ltd. Secure Boot Signing (ESM 2018)
- CN = Canonical Ltd. Secure Boot Signing (2019)
- CN = Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019)
- CN = Canonical Ltd. Secure Boot Signing (2021 v1)
- CN = Canonical Ltd. Secure Boot Signing (2021 v2)
- CN = Canonical Ltd. Secure Boot Signing (2021 v3)
* Build-Depend on libefivar-dev
* debian/rules: Update COMMIT_ID
Date: 2022-11-18 16:58:10.208365+00:00
Changed-By: Julian Andres Klode <julian.klode at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/shim/15.7-0ubuntu1
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list