| 2021-03-24 15:00:29 |
Dimitri John Ledkov |
bug |
|
|
added bug |
| 2021-03-24 15:00:37 |
Dimitri John Ledkov |
bug task added |
|
shim-signed (Ubuntu) |
|
| 2021-03-24 15:00:54 |
Dimitri John Ledkov |
description |
[Impact]
* New upstream shim release 15.3
* It includes and enforces SBAT validation
[Test Plan]
* https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan
[Where problems could occur]
* Upgrading to new shim, without upgrading to the new grub with sbat will fail to boot, as grub must include SBAT section.
* Upgrading to new shim, without upgrading to the new fwupdate with sbat will fail to boot, as fwupdate must include SBAT section.
[Other Info]
* All patches are dropped, as all got included in the v15.3 upstream release
* Embedded ephemeral shim certificate is now gone, and archive key is used to sign fb/mm
* Vendor DBX is included that revokes Boothole & ACPI-bypass vulnerable grubs and shims |
[Impact]
* New upstream shim release 15.3
* It includes and enforces SBAT validation
[Test Plan]
* https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan
[Where problems could occur]
* Upgrading to new shim, without upgrading to the new grub with sbat will fail to boot, as grub must include SBAT section.
* Upgrading to new shim, without upgrading to the new fwupdate with sbat will fail to boot, as fwupdate must include SBAT section.
[Other Info]
* All patches are dropped, as all got included in the v15.3 upstream release
* Embedded ephemeral shim certificate is now gone, and archive key is used to sign fb/mm
* Vendor DBX is included that revokes Boothole & ACPI-bypass vulnerable grubs and shims
* This upload obsoletes shim-signed-canonical package |
|
| 2021-03-26 02:06:07 |
Alex Murray |
bug |
|
|
added subscriber Alex Murray |
| 2021-03-31 17:02:18 |
Dimitri John Ledkov |
summary |
SBAT shim 15.3 release |
SBAT shim 15.4 release |
|
| 2021-03-31 17:02:26 |
Dimitri John Ledkov |
description |
[Impact]
* New upstream shim release 15.3
* It includes and enforces SBAT validation
[Test Plan]
* https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan
[Where problems could occur]
* Upgrading to new shim, without upgrading to the new grub with sbat will fail to boot, as grub must include SBAT section.
* Upgrading to new shim, without upgrading to the new fwupdate with sbat will fail to boot, as fwupdate must include SBAT section.
[Other Info]
* All patches are dropped, as all got included in the v15.3 upstream release
* Embedded ephemeral shim certificate is now gone, and archive key is used to sign fb/mm
* Vendor DBX is included that revokes Boothole & ACPI-bypass vulnerable grubs and shims
* This upload obsoletes shim-signed-canonical package |
[Impact]
* New upstream shim release 15.4
* It includes and enforces SBAT validation
[Test Plan]
* https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan
[Where problems could occur]
* Upgrading to new shim, without upgrading to the new grub with sbat will fail to boot, as grub must include SBAT section.
* Upgrading to new shim, without upgrading to the new fwupdate with sbat will fail to boot, as fwupdate must include SBAT section.
[Other Info]
* All patches are dropped, as all got included in the v15.3 upstream release
* Embedded ephemeral shim certificate is now gone, and archive key is used to sign fb/mm
* Vendor DBX is included that revokes Boothole & ACPI-bypass vulnerable grubs and shims
* This upload obsoletes shim-signed-canonical package |
|
| 2021-04-01 12:37:13 |
Yuan-Chen Cheng |
bug task added |
|
oem-priority |
|
| 2021-04-01 12:37:29 |
Yuan-Chen Cheng |
tags |
|
fwupd |
|
| 2021-04-01 12:39:52 |
Yuan-Chen Cheng |
tags |
fwupd |
fwupd sbat |
|
| 2021-04-02 22:45:53 |
Steve Beattie |
bug |
|
|
added subscriber Steve Beattie |
| 2021-04-02 22:46:03 |
Steve Beattie |
shim (Ubuntu): status |
New |
Confirmed |
|
| 2021-04-02 22:46:07 |
Steve Beattie |
shim-signed (Ubuntu): status |
New |
Confirmed |
|
| 2021-04-11 21:55:59 |
Rex Tsai |
tags |
fwupd sbat |
fwupd oem-priority sbat |
|
| 2021-04-13 09:25:35 |
Dimitri John Ledkov |
tags |
fwupd oem-priority sbat |
block-proposed-hirsute fwupd oem-priority sbat |
|
| 2021-04-13 09:25:56 |
Dimitri John Ledkov |
tags |
block-proposed-hirsute fwupd oem-priority sbat |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-hirsute block-proposed-xenial fwupd oem-priority sbat |
|
| 2021-04-13 15:21:54 |
Dimitri John Ledkov |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-hirsute block-proposed-xenial fwupd oem-priority sbat |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat |
|
| 2021-04-13 22:26:14 |
Launchpad Janitor |
shim (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2021-04-13 22:26:15 |
Launchpad Janitor |
shim-signed (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2021-04-15 12:21:34 |
Yuan-Chen Cheng |
oem-priority: assignee |
|
Yuan-Chen Cheng (ycheng-twn) |
|
| 2021-04-15 12:21:38 |
Yuan-Chen Cheng |
oem-priority: status |
New |
Confirmed |
|
| 2021-04-15 12:21:42 |
Yuan-Chen Cheng |
oem-priority: importance |
Undecided |
Critical |
|
| 2021-05-06 16:26:48 |
Łukasz Zemczak |
shim-signed (Ubuntu Hirsute): status |
New |
Fix Committed |
|
| 2021-05-06 16:26:49 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2021-05-06 16:26:52 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
| 2021-05-06 16:26:56 |
Łukasz Zemczak |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-needed verification-needed-hirsute |
|
| 2021-05-06 17:34:59 |
Joshua Powers |
bug |
|
|
added subscriber Joshua Powers |
| 2021-05-10 22:02:16 |
Steve Langasek |
shim-signed (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
| 2021-05-10 22:02:26 |
Steve Langasek |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-needed verification-needed-hirsute |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-needed |
|
| 2021-05-10 22:02:31 |
Steve Langasek |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-needed |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute |
|
| 2021-05-11 19:14:43 |
Steve Langasek |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2021-05-14 11:00:14 |
Łukasz Zemczak |
shim-signed (Ubuntu Xenial): status |
New |
Fix Committed |
|
| 2021-05-14 11:00:16 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2021-05-14 11:00:21 |
Łukasz Zemczak |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-needed verification-needed-xenial |
|
| 2021-06-28 09:56:20 |
Łukasz Zemczak |
shim-signed (Ubuntu Focal): status |
New |
Fix Committed |
|
| 2021-06-28 09:56:25 |
Łukasz Zemczak |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-needed verification-needed-xenial |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-needed verification-needed-focal verification-needed-xenial |
|
| 2021-06-28 14:06:23 |
Julian Andres Klode |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-needed verification-needed-focal verification-needed-xenial |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-focal |
|
| 2021-06-28 14:09:30 |
Julian Andres Klode |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-focal |
block-proposed-bionic block-proposed-focal block-proposed-groovy fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-focal |
|
| 2021-07-05 08:06:26 |
Julian Andres Klode |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-focal |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-focal |
|
| 2021-07-06 19:35:16 |
Steve Langasek |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-focal |
block-proposed-bionic block-proposed-focal block-proposed-groovy fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-focal |
|
| 2021-07-07 08:04:26 |
Julian Andres Klode |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-focal |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-focal |
|
| 2021-07-19 12:22:21 |
Łukasz Zemczak |
shim-signed (Ubuntu Bionic): status |
New |
Fix Committed |
|
| 2021-07-19 12:22:27 |
Łukasz Zemczak |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-focal |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-bionic verification-needed-focal |
|
| 2021-07-19 12:35:21 |
Łukasz Zemczak |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-done-xenial verification-needed verification-needed-bionic verification-needed-focal |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-needed verification-needed-bionic verification-needed-focal verification-needed-xenial |
|
| 2021-07-22 03:33:00 |
Yuan-Chen Cheng |
oem-priority: status |
Confirmed |
In Progress |
|
| 2021-07-26 13:56:35 |
Julian Andres Klode |
tags |
block-proposed-bionic block-proposed-focal block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-hirsute verification-needed verification-needed-bionic verification-needed-focal verification-needed-xenial |
block-proposed-bionic block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-focal verification-done-hirsute verification-needed verification-needed-bionic verification-needed-xenial |
|
| 2021-07-26 14:31:22 |
Julian Andres Klode |
tags |
block-proposed-bionic block-proposed-groovy block-proposed-xenial fwupd oem-priority sbat verification-done-focal verification-done-hirsute verification-needed verification-needed-bionic verification-needed-xenial |
block-proposed-bionic block-proposed-groovy fwupd oem-priority sbat verification-done-focal verification-done-hirsute verification-done-xenial verification-needed verification-needed-bionic |
|
| 2021-08-02 19:46:16 |
Launchpad Janitor |
shim-signed (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2021-08-03 06:51:08 |
Yuan-Chen Cheng |
oem-priority: assignee |
Yuan-Chen Cheng (ycheng-twn) |
|
|
| 2021-08-03 06:51:20 |
Yuan-Chen Cheng |
oem-priority: assignee |
|
Yuan-Chen Cheng (ycheng-twn) |
|
| 2021-08-03 06:51:26 |
Yuan-Chen Cheng |
oem-priority: importance |
Critical |
Medium |
|
| 2021-08-03 06:51:32 |
Yuan-Chen Cheng |
oem-priority: status |
In Progress |
Confirmed |
|
| 2021-08-03 06:51:35 |
Yuan-Chen Cheng |
oem-priority: assignee |
Yuan-Chen Cheng (ycheng-twn) |
|
|
| 2021-08-16 10:30:18 |
Launchpad Janitor |
shim-signed (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2021-08-18 15:08:39 |
Julian Andres Klode |
tags |
block-proposed-bionic block-proposed-groovy fwupd oem-priority sbat verification-done-focal verification-done-hirsute verification-done-xenial verification-needed verification-needed-bionic |
block-proposed-groovy fwupd oem-priority sbat verification-done-focal verification-done-hirsute verification-done-xenial verification-needed verification-needed-bionic |
|
| 2021-08-18 15:08:48 |
Julian Andres Klode |
tags |
block-proposed-groovy fwupd oem-priority sbat verification-done-focal verification-done-hirsute verification-done-xenial verification-needed verification-needed-bionic |
fwupd oem-priority sbat verification-done-focal verification-done-hirsute verification-done-xenial verification-needed verification-needed-bionic |
|
| 2021-08-18 15:56:19 |
Joshua Powers |
removed subscriber Joshua Powers |
|
|
|
| 2021-09-06 10:06:42 |
Julian Andres Klode |
tags |
fwupd oem-priority sbat verification-done-focal verification-done-hirsute verification-done-xenial verification-needed verification-needed-bionic |
fwupd oem-priority sbat verification-done verification-done-bionic verification-done-focal verification-done-hirsute verification-done-xenial |
|
| 2021-09-07 08:20:35 |
Launchpad Janitor |
shim-signed (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2021-10-05 14:08:55 |
Mathew Hodson |
oem-priority: status |
Confirmed |
Fix Released |
|
