This bug was fixed in the package shim-signed - 1.37~18.04.2
---------------
shim-signed (1.37~18.04.2) bionic; urgency=medium
* debian/control: add Breaks: grub-efi-amd64-signed (<< 1.93.7), as the new
version of shim exercises a bug in relocation code for chainload that was
fixed in that upload of grub, affecting Windows 7, Windows 10, and some
netboot scenarios where chainloading is required. (LP: #1792575)
shim-signed (1.37~18.04.1) bionic; urgency=medium
* Backport shim-signed 1.37 to Ubuntu 18.04. (LP: #1790724)
shim-signed (1.37) cosmic; urgency=medium
* Update to the signed 15+1533136590.3beb971-0ubuntu1 binary from Microsoft.
* debian/real-po: replace debian/po to make sure things are translatable
via Launchpad.
-- Mathieu Trudel-Lapierre <cypher...@ubuntu.com> Fri, 28 Sep 2018
11:02:56 -0400
** Changed in: shim-signed (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1790724
Title:
Backport shim 15+1533136590.3beb971-0ubuntu1 to all supported releases
Status in shim package in Ubuntu:
Fix Released
Status in shim-signed package in Ubuntu:
Fix Released
Status in shim source package in Trusty:
New
Status in shim-signed source package in Trusty:
New
Status in shim source package in Xenial:
New
Status in shim-signed source package in Xenial:
Fix Committed
Status in shim source package in Bionic:
Fix Committed
Status in shim-signed source package in Bionic:
Fix Released
Status in shim source package in Cosmic:
Fix Released
Status in shim-signed source package in Cosmic:
Fix Released
Bug description:
[Impact]
All UEFI users.
[Test case]
== shim ==
1) Enable Secure Boot in firmware.
2) Update to new shim and shim-signed packages (shim 15+, shim-signed 1.37~)
3) Validate that the system still boots and validates the shim image as well
as the grub binary.
== MokManager ==
0) Generate a new self-signed certificate. You can use "sudo
update-secureboot-policy --new-mok" for that purpose, the DER file will be in
/var/lib/shim-signed/mok.
1) Run 'sudo mokutil --enable-validation'
2) Follow prompts on screen to enable validation if applicable.
3) Run 'sudo mokutil --import <certificate.der>'
4) Follow the prompts on screen to import a new certificate.
5) Reboot
6) Follow prompts to import the new certificate and enable validation.
7) Validate that the system boots all the way to userland.
8) Verify that the certificate has been correctly imported, it should be
listed in the output of 'sudo mokutil --list-enrolled'.
== mokutil ==
1) Run 'sudo mokutil --timeout 14' (or any other arbitrary value).
2) follow the steps for MokManager tests above.
3) Validate that the MokManager prompt happens and shows a timeout
appropriate for the timeout value set using the mokutil command.
Also validate 'mokutil --timeout -1' works correctly, where the
MokManager never times out.
[Regression potential]
Possible regressions might include failure to load shim or MokManager, or
failure to validate an EFI binary (which usually translates in a Security
Violation message. Any such issues should be investigated as possible
regressions caused by this update.
---
Backport shim to all supported releases of Ubuntu.
Include mokutil changes to support new timeout feature.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1790724/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
