2018-09-04 21:00:48 |
Mathieu Trudel-Lapierre |
bug |
|
|
added bug |
2018-09-04 22:01:37 |
Mathieu Trudel-Lapierre |
nominated for series |
|
Ubuntu Trusty |
|
2018-09-04 22:01:37 |
Mathieu Trudel-Lapierre |
bug task added |
|
shim (Ubuntu Trusty) |
|
2018-09-04 22:01:37 |
Mathieu Trudel-Lapierre |
nominated for series |
|
Ubuntu Xenial |
|
2018-09-04 22:01:37 |
Mathieu Trudel-Lapierre |
bug task added |
|
shim (Ubuntu Xenial) |
|
2018-09-04 22:01:37 |
Mathieu Trudel-Lapierre |
nominated for series |
|
Ubuntu Cosmic |
|
2018-09-04 22:01:37 |
Mathieu Trudel-Lapierre |
bug task added |
|
shim (Ubuntu Cosmic) |
|
2018-09-04 22:01:37 |
Mathieu Trudel-Lapierre |
nominated for series |
|
Ubuntu Bionic |
|
2018-09-04 22:01:37 |
Mathieu Trudel-Lapierre |
bug task added |
|
shim (Ubuntu Bionic) |
|
2018-09-04 22:01:48 |
Mathieu Trudel-Lapierre |
shim (Ubuntu Cosmic): status |
New |
Fix Released |
|
2018-09-04 22:01:54 |
Mathieu Trudel-Lapierre |
bug task added |
|
shim-signed (Ubuntu) |
|
2018-09-04 22:02:26 |
Mathieu Trudel-Lapierre |
shim-signed (Ubuntu Cosmic): status |
New |
Fix Released |
|
2018-09-06 22:20:57 |
Steve Langasek |
shim-signed (Ubuntu Bionic): status |
New |
Fix Committed |
|
2018-09-06 22:21:00 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2018-09-06 22:21:02 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
2018-09-06 22:21:06 |
Steve Langasek |
tags |
|
verification-needed verification-needed-bionic |
|
2018-09-11 18:00:31 |
Steve Langasek |
shim (Ubuntu Bionic): status |
New |
Fix Committed |
|
2018-09-11 18:34:22 |
Mathieu Trudel-Lapierre |
tags |
verification-needed verification-needed-bionic |
verification-done-bionic |
|
2018-09-11 22:47:14 |
Steve Langasek |
shim-signed (Ubuntu Xenial): status |
New |
Fix Committed |
|
2018-09-11 22:47:22 |
Steve Langasek |
tags |
verification-done-bionic |
verification-done-bionic verification-needed verification-needed-xenial |
|
2018-09-12 21:09:14 |
Steve Langasek |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2018-09-12 21:09:19 |
Launchpad Janitor |
shim-signed (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2018-09-14 19:43:25 |
Steve Langasek |
shim-signed (Ubuntu Bionic): status |
Fix Released |
Fix Committed |
|
2018-09-14 19:44:11 |
Steve Langasek |
tags |
verification-done-bionic verification-needed verification-needed-xenial |
verification-failed verification-failed-bionic verification-needed-xenial |
|
2018-10-01 16:33:02 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2018-10-01 16:33:07 |
Łukasz Zemczak |
tags |
verification-failed verification-failed-bionic verification-needed-xenial |
verification-needed verification-needed-bionic verification-needed-xenial |
|
2018-10-09 19:30:26 |
Mathieu Trudel-Lapierre |
description |
[Impact]
All UEFI users.
[Test case]
== shim ==
1) Enable Secure Boot in firmware.
2) Update to new shim and shim-signed packages (shim 15+, shim-signed 1.37~)
3) Validate that the system still boots and validates the shim image as well as the grub binary.
== MokManager ==
0) Generate a new self-signed certificate. You can use "sudo update-secureboot-policy --new-mok" for that purpose; the DER file will be in /var/lib/shim-signed/mok.
1) Run 'sudo mokutil --enable-validation'
2) Follow prompts on screen to enable validation if applicable.
3) Run 'sudo mokutil --import <certificate.der>'
4) Follow the prompts on screen to import a new certificate.
5) Reboot
6) Follow prompts to import the new certificate and enable validation.
7) Validate that the system boots all the way to userland.
8) Verify that the certificate has been correctly imported; it should be listed in the output of 'sudo mokutil --list-enrolled'.
== mokutil ==
1) Run 'sudo mokutil --timeout 14' (or any other arbitrary value).
2) Follow the steps for MokManager tests above.
3) Validate that the MokManager prompt happens and shows a timeout appropriate for the timeout value set using the mokutil command.
Also validate 'mokutil --timeout 0' works correctly, where the MokManager never times out.
[Regression potential]
Possible regressions might include failure to load shim or MokManager, or failure to validate an EFI binary (which usually translates into a Security Violation message). Any such issues should be investigated as possible regressions caused by this update.
---
Backport shim to all supported releases of Ubuntu.
Include mokutil changes to support new timeout feature. |
[Impact]
All UEFI users.
[Test case]
== shim ==
1) Enable Secure Boot in firmware.
2) Update to new shim and shim-signed packages (shim 15+, shim-signed 1.37~)
3) Validate that the system still boots and validates the shim image as well as the grub binary.
== MokManager ==
0) Generate a new self-signed certificate. You can use "sudo update-secureboot-policy --new-mok" for that purpose; the DER file will be in /var/lib/shim-signed/mok.
1) Run 'sudo mokutil --enable-validation'
2) Follow prompts on screen to enable validation if applicable.
3) Run 'sudo mokutil --import <certificate.der>'
4) Follow the prompts on screen to import a new certificate.
5) Reboot
6) Follow prompts to import the new certificate and enable validation.
7) Validate that the system boots all the way to userland.
8) Verify that the certificate has been correctly imported; it should be listed in the output of 'sudo mokutil --list-enrolled'.
== mokutil ==
1) Run 'sudo mokutil --timeout 14' (or any other arbitrary value).
2) Follow the steps for MokManager tests above.
3) Validate that the MokManager prompt happens and shows a timeout appropriate for the timeout value set using the mokutil command.
Also validate 'mokutil --timeout -1' works correctly, where the MokManager never times out.
[Regression potential]
Possible regressions might include failure to load shim or MokManager, or failure to validate an EFI binary (which usually translates into a Security Violation message). Any such issues should be investigated as possible regressions caused by this update.
---
Backport shim to all supported releases of Ubuntu.
Include mokutil changes to support new timeout feature. |
|
2018-10-09 19:30:57 |
Mathieu Trudel-Lapierre |
tags |
verification-needed verification-needed-bionic verification-needed-xenial |
verification-done-bionic verification-needed verification-needed-xenial |
|
2018-10-11 07:34:08 |
Launchpad Janitor |
shim-signed (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2018-10-17 12:32:56 |
Francis Ginther |
tags |
verification-done-bionic verification-needed verification-needed-xenial |
id-5b36ccda18d5e26eda679909 verification-done-bionic verification-needed verification-needed-xenial |
|
2018-11-01 18:49:11 |
Mathieu Trudel-Lapierre |
tags |
id-5b36ccda18d5e26eda679909 verification-done-bionic verification-needed verification-needed-xenial |
id-5b36ccda18d5e26eda679909 verification-done-bionic verification-done-xenial |
|
2018-11-01 19:02:00 |
Launchpad Janitor |
shim-signed (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2018-11-01 19:03:57 |
Brian Murray |
shim (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2018-11-01 19:04:24 |
Brian Murray |
shim (Ubuntu Xenial): status |
New |
Fix Released |
|
2018-11-01 20:29:19 |
Steve Langasek |
shim (Ubuntu Xenial): status |
Fix Released |
In Progress |
|
2018-11-01 20:29:23 |
Steve Langasek |
shim (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2018-11-01 20:29:33 |
Steve Langasek |
shim-signed (Ubuntu Xenial): status |
Fix Released |
Fix Committed |
|
2018-11-01 20:32:19 |
Steve Langasek |
description |
[Impact]
All UEFI users.
[Test case]
== shim ==
1) Enable Secure Boot in firmware.
2) Update to new shim and shim-signed packages (shim 15+, shim-signed 1.37~)
3) Validate that the system still boots and validates the shim image as well as the grub binary.
== MokManager ==
0) Generate a new self-signed certificate. You can use "sudo update-secureboot-policy --new-mok" for that purpose; the DER file will be in /var/lib/shim-signed/mok.
1) Run 'sudo mokutil --enable-validation'
2) Follow prompts on screen to enable validation if applicable.
3) Run 'sudo mokutil --import <certificate.der>'
4) Follow the prompts on screen to import a new certificate.
5) Reboot
6) Follow prompts to import the new certificate and enable validation.
7) Validate that the system boots all the way to userland.
8) Verify that the certificate has been correctly imported; it should be listed in the output of 'sudo mokutil --list-enrolled'.
== mokutil ==
1) Run 'sudo mokutil --timeout 14' (or any other arbitrary value).
2) Follow the steps for MokManager tests above.
3) Validate that the MokManager prompt happens and shows a timeout appropriate for the timeout value set using the mokutil command.
Also validate 'mokutil --timeout -1' works correctly, where the MokManager never times out.
[Regression potential]
Possible regressions might include failure to load shim or MokManager, or failure to validate an EFI binary (which usually translates into a Security Violation message). Any such issues should be investigated as possible regressions caused by this update.
---
Backport shim to all supported releases of Ubuntu.
Include mokutil changes to support new timeout feature. |
[Impact]
All UEFI users.
[Test case]
Verify that LP: #1792575 in grub has been fixed first for the corresponding release.
== shim ==
1) Enable Secure Boot in firmware.
2) Update to new shim and shim-signed packages (shim 15+, shim-signed 1.37~)
3) Validate that the system still boots and validates the shim image as well as the grub binary.
== MokManager ==
0) Generate a new self-signed certificate. You can use "sudo update-secureboot-policy --new-mok" for that purpose; the DER file will be in /var/lib/shim-signed/mok.
1) Run 'sudo mokutil --enable-validation'
2) Follow prompts on screen to enable validation if applicable.
3) Run 'sudo mokutil --import <certificate.der>'
4) Follow the prompts on screen to import a new certificate.
5) Reboot
6) Follow prompts to import the new certificate and enable validation.
7) Validate that the system boots all the way to userland.
8) Verify that the certificate has been correctly imported; it should be listed in the output of 'sudo mokutil --list-enrolled'.
== mokutil ==
1) Run 'sudo mokutil --timeout 14' (or any other arbitrary value).
2) Follow the steps for MokManager tests above.
3) Validate that the MokManager prompt happens and shows a timeout appropriate for the timeout value set using the mokutil command.
Also validate 'mokutil --timeout -1' works correctly, where the MokManager never times out.
[Regression potential]
Possible regressions might include failure to load shim or MokManager, or failure to validate an EFI binary (which usually translates into a Security Violation message). Any such issues should be investigated as possible regressions caused by this update.
---
Backport shim to all supported releases of Ubuntu.
Include mokutil changes to support new timeout feature. |
|
2018-11-01 20:32:36 |
Steve Langasek |
tags |
id-5b36ccda18d5e26eda679909 verification-done-bionic verification-done-xenial |
id-5b36ccda18d5e26eda679909 verification-done-bionic verification-failed-xenial |
|
2018-12-11 22:55:29 |
Brian Murray |
tags |
id-5b36ccda18d5e26eda679909 verification-done-bionic verification-failed-xenial |
id-5b36ccda18d5e26eda679909 verification-done-bionic verification-needed verification-needed-xenial |
|
2019-01-09 14:53:14 |
Mathieu Trudel-Lapierre |
tags |
id-5b36ccda18d5e26eda679909 verification-done-bionic verification-needed verification-needed-xenial |
id-5b36ccda18d5e26eda679909 verification-done-bionic verification-done-xenial |
|
2019-01-21 15:56:31 |
Launchpad Janitor |
shim-signed (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|