| 2023-01-30 21:07:27 |
dann frazier |
bug |
|
|
added bug |
| 2023-01-30 23:09:00 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~dannf/shim/+git/shim-signed/+merge/436567 |
|
| 2023-01-31 11:53:04 |
Julian Andres Klode |
description |
arm64 kernels are gzip'd by default, which currently breaks is-not-revoked:
ubuntu@ubuntu:~$ sudo file /boot/vmlinuz-5.15.0-57-generic
/boot/vmlinuz-5.15.0-57-generic: gzip compressed data, was "vmlinuz-5.15.0-57-generic.efi.signed", last modified: Tue Nov 29 10:47:41 2022, max compression, from Unix, original size modulo 2^32 46283136
ubuntu@ubuntu:~$ sudo /usr/lib/shim/is-not-revoked /boot/vmlinuz-5.15.0-57-generic ~
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
E: /boot/vmlinuz-5.15.0-57-generic: Could not finder signing subject, sbverify output follows:
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
If I decompress the vmlinuz file in place, it works:
ubuntu@ubuntu:~$ sudo /usr/lib/shim/is-not-revoked /boot/vmlinuz-5.15.0-57-generic ~
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
E: /boot/vmlinuz-5.15.0-57-generic: Could not finder signing subject, sbverify output follows:
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
ubuntu@ubuntu:~$ echo $?
1 |
[Impact]
arm64 kernels are gzip'd by default, which currently breaks is-not-revoked:
ubuntu@ubuntu:~$ sudo file /boot/vmlinuz-5.15.0-57-generic
/boot/vmlinuz-5.15.0-57-generic: gzip compressed data, was "vmlinuz-5.15.0-57-generic.efi.signed", last modified: Tue Nov 29 10:47:41 2022, max compression, from Unix, original size modulo 2^32 46283136
ubuntu@ubuntu:~$ sudo /usr/lib/shim/is-not-revoked /boot/vmlinuz-5.15.0-57-generic ~
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
E: /boot/vmlinuz-5.15.0-57-generic: Could not finder signing subject, sbverify output follows:
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
If I decompress the vmlinuz file in place, it works:
ubuntu@ubuntu:~$ sudo /usr/lib/shim/is-not-revoked /boot/vmlinuz-5.15.0-57-generic ~
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
E: /boot/vmlinuz-5.15.0-57-generic: Could not finder signing subject, sbverify output follows:
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
ubuntu@ubuntu:~$ echo $?
1
[Test plan]
Test gzipped kernels per above
[Where problems could occur]
N/A |
|
| 2023-01-31 11:54:20 |
Julian Andres Klode |
description |
[Impact]
arm64 kernels are gzip'd by default, which currently breaks is-not-revoked:
ubuntu@ubuntu:~$ sudo file /boot/vmlinuz-5.15.0-57-generic
/boot/vmlinuz-5.15.0-57-generic: gzip compressed data, was "vmlinuz-5.15.0-57-generic.efi.signed", last modified: Tue Nov 29 10:47:41 2022, max compression, from Unix, original size modulo 2^32 46283136
ubuntu@ubuntu:~$ sudo /usr/lib/shim/is-not-revoked /boot/vmlinuz-5.15.0-57-generic ~
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
E: /boot/vmlinuz-5.15.0-57-generic: Could not finder signing subject, sbverify output follows:
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
If I decompress the vmlinuz file in place, it works:
ubuntu@ubuntu:~$ sudo /usr/lib/shim/is-not-revoked /boot/vmlinuz-5.15.0-57-generic ~
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
E: /boot/vmlinuz-5.15.0-57-generic: Could not finder signing subject, sbverify output follows:
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
ubuntu@ubuntu:~$ echo $?
1
[Test plan]
Test gzipped kernels per above
[Where problems could occur]
N/A |
[Impact]
arm64 kernels are gzip'd by default, which currently breaks is-not-revoked:
ubuntu@ubuntu:~$ sudo file /boot/vmlinuz-5.15.0-57-generic
/boot/vmlinuz-5.15.0-57-generic: gzip compressed data, was "vmlinuz-5.15.0-57-generic.efi.signed", last modified: Tue Nov 29 10:47:41 2022, max compression, from Unix, original size modulo 2^32 46283136
ubuntu@ubuntu:~$ sudo /usr/lib/shim/is-not-revoked /boot/vmlinuz-5.15.0-57-generic ~
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
E: /boot/vmlinuz-5.15.0-57-generic: Could not finder signing subject, sbverify output follows:
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
If I decompress the vmlinuz file in place, it works:
ubuntu@ubuntu:~$ sudo /usr/lib/shim/is-not-revoked /boot/vmlinuz-5.15.0-57-generic ~
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
E: /boot/vmlinuz-5.15.0-57-generic: Could not finder signing subject, sbverify output follows:
Invalid DOS header magic
Can't open image /boot/vmlinuz-5.15.0-57-generic
ubuntu@ubuntu:~$ echo $?
1
[Test plan]
Test gzipped kernels per above
[Where problems could occur]
Added/changed code could potentially break stuff on amd64. |
|
| 2023-01-31 21:52:48 |
Steve Langasek |
shim-signed (Ubuntu Kinetic): status |
New |
Fix Committed |
|
| 2023-01-31 21:52:49 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2023-01-31 21:52:51 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
| 2023-01-31 21:52:54 |
Steve Langasek |
tags |
|
verification-needed verification-needed-kinetic |
|
| 2023-01-31 22:00:34 |
Steve Langasek |
shim-signed (Ubuntu Jammy): status |
New |
Fix Committed |
|
| 2023-01-31 22:00:39 |
Steve Langasek |
tags |
verification-needed verification-needed-kinetic |
verification-needed verification-needed-jammy verification-needed-kinetic |
|
| 2023-01-31 22:03:07 |
Steve Langasek |
shim-signed (Ubuntu Focal): status |
New |
Fix Committed |
|
| 2023-01-31 22:03:12 |
Steve Langasek |
tags |
verification-needed verification-needed-jammy verification-needed-kinetic |
verification-needed verification-needed-focal verification-needed-jammy verification-needed-kinetic |
|
| 2023-01-31 22:05:16 |
Steve Langasek |
shim-signed (Ubuntu Bionic): status |
New |
Fix Committed |
|
| 2023-01-31 22:05:20 |
Steve Langasek |
tags |
verification-needed verification-needed-focal verification-needed-jammy verification-needed-kinetic |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-kinetic |
|
| 2023-02-01 15:06:37 |
dann frazier |
tags |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-kinetic |
verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-kinetic |
|
| 2023-02-16 10:47:58 |
Launchpad Janitor |
shim-signed (Ubuntu Kinetic): status |
Fix Committed |
Fix Released |
|
| 2023-02-16 10:47:58 |
Launchpad Janitor |
cve linked |
|
2022-28737 |
|
| 2023-02-16 10:48:12 |
Ćukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2023-02-16 11:04:47 |
Launchpad Janitor |
shim-signed (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
| 2023-02-16 11:10:59 |
Launchpad Janitor |
shim-signed (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2023-02-16 16:27:50 |
Launchpad Janitor |
shim-signed (Ubuntu): status |
New |
Fix Released |
|
| 2023-02-16 19:50:41 |
dann frazier |
shim-signed (Ubuntu Focal): status |
Fix Released |
Fix Committed |
|
| 2023-03-14 15:15:18 |
Launchpad Janitor |
shim-signed (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2023-06-22 23:31:43 |
Launchpad Janitor |
shim-signed (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
