[ubuntu/noble-proposed] edk2 2023.11-7 (Accepted)
dann frazier
dann.frazier at canonical.com
Thu Feb 15 00:48:00 UTC 2024
edk2 (2023.11-7) unstable; urgency=medium
* ovmf, qemu-efi-*: Stop building Secure Boot code into non-secboot
images so they can include a built-in shell which is unsafe in
Secure Boot mode.
* ovmf-ia32: Add non-secboot image. Thanks to Lionel Debroux.
(Closes: #1023491).
* debian/tests/shell.py: Add tests for ovmf-ia32 non-secboot image.
* qemu-efi-aarch64: Add non-secboot variant. AAVMF_CODE.fd is the
secboot variant, so name it AAVMF_CODE.no-secboot.fd.
* qemu-efi-aarch64: Rename the secboot variant, AAVMF_CODE.fd,
to AAVMF_CODE.secboot.fd and add a compat symlink.
* ovmf, ovmf-ia32, qemu-efi-aarch64: Stop including a built-in shell
in secboot variants, CVE-2023-48733. Thanks to Mate Kukri.
LP: #2040137.
- d/tests: Drop the boot-to-shell tests for images w/ Secure Boot.
- d/tests: Update run_cmd_check_secure_boot() to not expect shell
interaction.
Date: 2024-02-14 22:29:59.223479+00:00
Signed-By: dann frazier <dann.frazier at canonical.com>
https://launchpad.net/ubuntu/+source/edk2/2023.11-7
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list