shim-signed updates break self signed UEFI systems
Bug #1600224 reported by Tim Gardner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
shim-signed (Ubuntu) | Confirmed | Low | Mathieu Trudel-Lapierre |
Bug Description
A self-signed UEFI platform without Microsoft keys is rendered unbootable by updating shim-signed. An example is a QEMU instance that is self-signed.
Isn't there a way to notify the platform owner that they should re-sign their UEFI utilities before rebooting?
Changed in shim-signed (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Changed in shim-signed (Ubuntu):
status: New → Confirmed
The shim-signed package is the package that delivers the Microsoft-signed shim to the user's system. I certainly agree that we can be more proactive about detecting the case where your system will be rendered unbootable. However, it seems to me that the obvious workaround for this bug is to not install the shim-signed package on a system which doesn't need it (or to remove this package when configuring your self-signed Secure Boot keys).
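
One shape the proactive detection discussed in this report could take, as an added example that is not code from the shim-signed package or from anyone in this thread. It takes the text printed by `mokutil --sb-state` and `mokutil --db`; the function name, the constructed db listings, and the assumption that the Microsoft-signed shim chains to a db certificate whose subject CN contains "Microsoft Corporation UEFI CA" or "Microsoft UEFI CA" are not from the page.

```shell
#!/bin/sh
# Added example: decide whether a Microsoft-signed shim can still be loaded
# by this firmware. Inputs are the text of `mokutil --sb-state` and
# `mokutil --db`, passed as strings so the logic can be checked offline.
# Assumption: the shim shipped by shim-signed chains to a db certificate
# whose subject CN is a Microsoft UEFI CA.

# Returns 0 if the Microsoft-signed shim is expected to load, 1 if not.
ms_shim_will_boot() {
    sb_state=$1
    db_listing=$2

    # With Secure Boot off, the firmware does not verify the shim at all.
    case $sb_state in
        *"SecureBoot enabled"*) ;;
        *) return 0 ;;
    esac

    # Secure Boot on: a db certificate must be a Microsoft UEFI CA.
    # Only Subject lines count; an Issuer mention does not put the CA in db.
    if printf '%s\n' "$db_listing" |
        grep -Eq 'Subject:.*CN ?= ?Microsoft (Corporation )?UEFI CA'; then
        return 0
    fi
    return 1
}

# Constructed sample: db of a self-signed platform (e.g. a QEMU guest).
SELF_SIGNED_DB='[key 1]
        Issuer: CN=Example Platform Owner DB Key
        Subject: CN=Example Platform Owner DB Key'

# Constructed sample: db that carries the Microsoft third-party UEFI CA.
MS_DB='[key 1]
        Issuer: C=US, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
        Subject: C=US, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011'

# Live use (hypothetical hook, run before upgrading shim-signed):
#   ms_shim_will_boot "$(mokutil --sb-state)" "$(mokutil --db)" ||
#       echo "re-sign boot binaries or remove shim-signed before rebooting" >&2
```

The check looks only at certificates in db; it does not account for image hashes enrolled in db or for dbx revocations.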