** Also affects: ubuntu-advantage-tools (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: subiquity (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: ubiquity (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: ubuntu-drivers-common (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-drivers-common in Ubuntu.
https://bugs.launchpad.net/bugs/1978890

Title:
  Post-Install enablement of OEM-enabled devices will overwrite FIPs

Status in subiquity package in Ubuntu:
  New
Status in ubiquity package in Ubuntu:
  New
Status in ubuntu-advantage-tools package in Ubuntu:
  New
Status in ubuntu-drivers-common package in Ubuntu:
  New
Status in update-manager package in Ubuntu:
  New

Bug description:
  [Summary]
  A feature was added to allow for post-install enablement for oem-enabled devices via update manager:
  https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1908050

  While this works great for some situations, it can lead to users
  unexpectedly installing the oem meta package + associated kernel,
  overwriting an existing fips installation, as the "Improved hardware
  support" bundle may not be noticed when operating update-manager.

  [Expected Behavior]
  For non linux-generic running installs, the post-install oem enablement functionality should not trigger, nor should it add the additional repositories to the client's sources.list.d.

  [Observed Behavior]
  sources.list.d is updated and "Improved hardware support" is allowed as an option in update-manager, which leads to clients unexpectedly losing compliance in fips environments.

  [Replication Steps]
  (Using Dell Inc. Precision 7920 Tower/060K5C)
  1. Install from current focal ISO
  2. Attach a ua subscription
  3. Enable the fips-updates service
  4. Reboot the system, log in to the desktop and wait for a while. The notification will pop up and it will show "Improved hardware support" on the certified machines that have the OEM metapackage support.
  5. Click through the update-manager prompt and install the oem packages
  6. Reboot and check fips status

  As the oem kernel is 5.14, it will be chosen over the fips 5.4 by
  default. unattended-upgrades will eventually remove the fips kernel as
  well, given enough time.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1978890/+subscriptions
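
Added example, not part of the original bug report or of any Ubuntu tool: a check for the kernel drift described above, flagging a host where FIPS mode is off, the running kernel is not a fips flavour, or a newer non-fips kernel is installed and waiting for the next reboot. It assumes kernel release strings of the form `5.4.0-1026-fips` / `5.14.0-1042-oem` (constructed sample values) and kernel images under `/boot/vmlinuz-*`.

```python
import os
import re
from pathlib import Path

def flavour(release):
    """Flavour suffix of a kernel release string, e.g. 'fips', 'oem', 'generic'."""
    m = re.match(r"\d+\.\d+\.\d+-\d+-([a-z0-9-]+)$", release.strip())
    return m.group(1) if m else ""

def version_key(release):
    """Numeric sort key: '5.14.0-1042-oem' -> (5, 14, 0, 1042)."""
    return tuple(int(n) for n in re.findall(r"\d+", release)[:4])

def assess(running, fips_enabled, installed):
    """Return a list of findings; an empty list means no drift was detected."""
    findings = []
    if fips_enabled.strip() != "1":
        findings.append("kernel FIPS mode is off (fips_enabled != 1)")
    if flavour(running) != "fips":
        findings.append(f"running kernel {running} is not a fips kernel")
    fips = [k for k in installed if flavour(k) == "fips"]
    if not fips:
        findings.append("no fips kernel is installed")
        return findings
    newest_fips = max(fips, key=version_key)
    # A newer non-fips kernel is the state between replication steps 5 and 6:
    # still compliant now, but the report says it is chosen over fips by default.
    for k in installed:
        if flavour(k) != "fips" and version_key(k) > version_key(newest_fips):
            findings.append(f"{k} is newer than {newest_fips}")
    return findings

def collect():
    """Read the live state: running release, FIPS flag, installed kernel images."""
    flag = Path("/proc/sys/crypto/fips_enabled")
    enabled = flag.read_text() if flag.exists() else "0"
    installed = [p.name[len("vmlinuz-"):] for p in Path("/boot").glob("vmlinuz-*")]
    return os.uname().release, enabled, installed

if __name__ == "__main__":
    for line in assess(*collect()) or ["no FIPS kernel drift detected"]:
        print(line)
```

Run it from a periodic job on hosts with fips-updates enabled; a finding that names a newer non-fips kernel appears before the reboot that would drop the host out of FIPS mode.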

