Please provide dual-signed shim chained to both MS & Canonical certificates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
shim-signed (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
Please provide dual-signed shim chained to both MS & Canonical certificates
Implementation provided as:
- shim-canonical => to submit shim for signing (ideally this portion of code should be merged into the src:shim package, when we rebuild it from scratch next)
- shim-signed => to construct dual-signed shim
This also makes it easier to test shim uploads, as a PPA built of shim-canonical, produces signed shim, for which one can import a certificate and use straight away.
See:
https:/
https:/
This work is required for UC20 1.0 release
information type: | Public → Private Security |
information type: | Private Security → Public Security |
information type: | Public Security → Public |
Changed in shim-signed (Ubuntu): | |
status: | New → Incomplete |
Changed in shim-signed (Ubuntu): | |
status: | Incomplete → Fix Released |
Regarding shim-canonical, this looks to me like it should be a one-off, and future signing requests should be done through the shim package itself. Can you raise an MP for that?
Also, is it really the Ubuntu online signing key that you want to be signing this shim, and not the UC20 online signing key?