Comment 5 for bug 1528345

Steve Langasek (vorlon) wrote : Re: [Bug 1528345] Re: grub or kernel update broke Secure Boot by putting grubx64.efi instead of shimx64.efi in EFI boot order

On Thu, Jan 07, 2016 at 03:59:30AM -0000, Seth Arnold wrote:
> Will users that have only the -security pocket enabled run into this
> issue until we publish a corresponding grub2-signed package into the
> -security pocket?

Yes.

> Can the packages in -updates in wily, vivid, and trusty be binarycopied
> into the -security pocket?

That doesn't help. The grub2 and grub2-signed packages must be in exact
version lockstep to avoid problems.

> What steps need to be taken to publish future grub2 security updates?

Upon unembargo, the grub2 package needs to be copied first from the security
ppa to -proposed, where the grub .efi binaries can be signed, and then
grub2-signed needs to be uploaded to -proposed, after which the packages can
be copied to -security.
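
Added example, not part of the original comment or of any Ubuntu tooling: a check for the symptom named in the bug title, which reports active `BootOrder` entries that load `grubx64.efi` directly instead of `shimx64.efi`. The sample `efibootmgr -v` output is constructed, and the line layout (label, tab, device path) is an assumption about that tool's verbose format.

```python
import re

# Constructed sample of `efibootmgr -v` output; not taken from the bug report.
HD = "HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x100000)"
SAMPLE = "\n".join([
    "BootCurrent: 0000",
    "Timeout: 1 seconds",
    "BootOrder: 0000,0003,0001",
    "Boot0000* ubuntu\t" + HD + r"/File(\EFI\ubuntu\grubx64.efi)",
    "Boot0001* USB Stick\tPciRoot(0x0)/Pci(0x14,0x0)/USB(1,0)",
    "Boot0003* ubuntu-old\t" + HD + r"/File(\EFI\ubuntu\shimx64.efi)",
])

# Assumed line layout: BootNNNN, optional '*' (active), label, tab, device path.
ENTRY = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+([^\t]*)\t(.*)$")
LOADER = re.compile(r"File\(([^)]*)\)")


def parse(output):
    """Return (boot_order, entries) from `efibootmgr -v` text."""
    order, entries = [], {}
    for line in output.splitlines():
        if line.startswith("BootOrder:"):
            nums = line.split(":", 1)[1].split(",")
            order = [n.strip().upper() for n in nums if n.strip()]
            continue
        m = ENTRY.match(line)
        if m:
            num, star, label, path = m.groups()
            f = LOADER.search(path)
            # UEFI paths use backslashes and are case-insensitive on the ESP.
            loader = f.group(1).replace("\\", "/").lower() if f else None
            entries[num.upper()] = (label.strip(), star == "*", loader)
    return order, entries


def direct_grub_entries(output):
    """Active BootOrder entries that load grubx64.efi without shim."""
    order, entries = parse(output)
    hits = []
    for num in order:
        label, active, loader = entries.get(num, ("", False, None))
        if active and loader and loader.rsplit("/", 1)[-1] == "grubx64.efi":
            hits.append((num, label, loader))
    return hits


if __name__ == "__main__":
    for num, label, loader in direct_grub_entries(SAMPLE):
        print(f"Boot{num} ({label}) loads {loader}; expected shimx64.efi")
```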