[Bug 1921539] Re: Add support for SBAT
** Changed in: oem-priority Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
This bug was fixed in the package fwupd - 1.2.14-0~18.04.2 --- fwupd (1.2.14-0~18.04.2) bionic; urgency=medium * debian/rules: catch up to generate sbat section. fwupd (1.2.14-0~18.04.1) bionic; urgency=medium * New upstream version (1.2.14) (LP: #1884788) * Bug fixes: - Fixes crashes on fwupdaa64.efi on startup (LP: #1858590) - Check version was updated by checking version - Correctly import PKCS-7 remote metadata - Decrease minimum battery requirement to 10% - Disable the battery percentage checks if UPower is unavailable - Do not do semver conversion in fu_common_vercmp() - Fix the DeviceID set by GetDetails - Force the synaptics-prometheus minor version from 0x02 to 0x01 - Prevent Dell updates to occur via synaptics-mst - Read all releases and convert versions when comparing - Use the correct timeout for unifying IO channel writes - Validate that gpgme_op_verify_result() returned at least one signature - Avoid checking for bolt support when not required - Correct HWID support in wacom-raw - Fix offset of vendor id of hidraw devices - Make loading vendor/product/serial strings non-fatal - Only check the vendor ID if the device has one set - Use more systemd directives for directories - Actually write the new device path if different than before - Add a SynapticsMSTBoardID for a few Lenovo docks - Add the counterpart GUID for the DW5821e - Be more accepting when trying to recover a failed database migration - Do not ask the user to upload a report if ReportURI is not set - Do not segfault when trying to quit the downgrade selection - Fix a crash when stopping the fwupd service - Never show AppStream markup on the console - Relax the certificate time checks in the self tests for the legacy certificate - Reload metadata store when configuration changes - Remove replug flag after the device comes back from reboot - Update device_modified in sql database during updates - Work properly with ICL thunderbolt controller * New features: - Add support for tpm2-tools 4.X - Allow specifying a firmware GUID to check any version exists - Add SBAT region support (LP: #1921539) * Don't cleanup /var/cache/fwupdate anymore * Drop upstreamed patches: - 0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch - 0001-trivial-libfwupd-skip-tests-if-machine-id-is-empty-t.patch - 0001-Allows-confined-snaps-to-activate-fwupd-via-D-Bus.patch - 0001-Only-check-the-vendor-ID-if-the-device-has-one-set.patch - 0001-efi-use-a-wildcard-section-copy-for-final-EFI-genera.patch - CVE-2020-10759.patch * Remaining changes: - meson-0.45-bc.patch: Fix build with meson 0.45 - Drop added Recommends: on bolt which is not in flavor seeds and adds a new service. * Backport a patch from upstream 1_2_X branch to fix SBAT character. * Backport a patch from upstream 1_2_X branch to fix vendor-id requirement error on Dell WD19 (LP: #1921544) -- Yuan-Chen Cheng Tue, 31 Aug 2021 15:58:09 +0800 ** Changed in: fwupd (Ubuntu Bionic) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10759 ** Changed in: fwupd-signed (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
This bug was fixed in the package fwupd-signed - 1.10~ubuntu18.04.6 --- fwupd-signed (1.10~ubuntu18.04.6) bionic; urgency=medium * Build depends on fwupd version 1.2.14-0~18.04.2. (LP: #1921539) fwupd-signed (1.10~ubuntu18.04.5) bionic; urgency=medium * Build depends on fwupd version 1.2.14-0~18.04.1 - LP: #1921544 - LP: #1921539 - LP: #1884788 - LP: #1858590 -- Yuan-Chen Cheng Tue, 31 Aug 2021 17:50:22 +0800 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
fwupd 1.2.14-0~18.04.2 from the bionic-proposed channel + fwupd-signed + shim from the bionic-proposed channel. + secure boot on. test nvme firmware re-install wd19sc docking firmware upgrade (ref: lp:1921544) wd19tb docking firmware reinstall (fwupdmgr install --allow-reinstall 4e3f12fc1901c05790ab17ff2223a79631477aa87979498874c4c262cfafc144-WD19FirmwareUpdateLinux_01.00.21.cab) all passed. --- log: $ fwupdmgr install --allow-reinstall 4e3f12fc1901c05790ab17ff2223a79631477aa87979498874c4c262cfafc144-WD19FirmwareUpdateLinux_01.00.21.cab Decompressing… [***] Authenticating… [***] Installing on Package level of Dell dock…] Restarting device… [***] Installing on RTS5413 in Dell dock… ] Restarting device… [***] Less than one minute remaining… Installing on RTS5487 in Dell dock…**] Restarting device… [***] Less than one minute remaining… Installing on Thunderbolt controller in Dell dock…***] Restarting device… [***] Less than one minute remaining… Installing on WD19TB… Idle…[***] Installing on VMM5331 in Dell dock… Idle…[***] Restarting device… [***] Less than one minute remaining… Installing on WD19TB…[** ] Restarting device… [***] Less than one minute remaining… Tool version updates to address security vulnerabilities. ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Test to upgrade bios with secure boot on + fwupd 1.2.14-0~18.04.2/fwupd- signed/shim from the bionic-proposed channel, it works just fine. Upgrade bios from gnome-software test passed. AI: test more like NVME, Docking, etc. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Hello Mario, or anyone else affected, Accepted fwupd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.2.14-0~18.04.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Tags removed: verification-failed-bionic ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
debdiff for fwupd-signed against the one in the proposed channel. ** Patch added: "fwupd-signed_1.10~ubuntu18.04.6.debdiff" https://bugs.launchpad.net/oem-priority/+bug/1921539/+attachment/5521864/+files/fwupd-signed_1.10~ubuntu18.04.6.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Did test the one in proposed, it does failed with new shim + sb on. I prepare a ppa with updated fwupd. sudo add-apt-repository ppa:ycheng-twn/fwupd-bionic-sbat-3 the unsigned-efi does have a sbat section: --- ~# objdump -h /usr/lib/fwupd/efi/fwupdx64.efi /usr/lib/fwupd/efi/fwupdx64.efi: file format pei-x86-64 Sections: Idx Name Size VMA LMA File off Algn 0 .text 7a2b 4000 4000 0400 2**4 CONTENTS, ALLOC, LOAD, READONLY, CODE 1 .reloc000a c000 c000 8000 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 2 .data 2ea8 d000 d000 8200 2**5 CONTENTS, ALLOC, LOAD, DATA 3 .sbat 00ec 0001 0001 b200 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 4 .dynamic 0150 00011000 00011000 b400 2**3 CONTENTS, ALLOC, LOAD, DATA 5 .rela 0e70 00012000 00012000 b600 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 6 .rela.plt 0018 00012e70 00012e70 c670 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 7 .dynsym 0288 00013000 00013000 ca00 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
> if we do want to support secure boot on bionic Yes, this is non-negotiable. In fact, publication of the updated shim to bionic has been held up because of concerns over regressing fwupd- signed, which exists specifically *for* support under SecureBoot. So, I'm going to mark this verification-failed since the sbat section is missing. Please upload a fixed fwupd package with sbat support ASAP so that we can land the updated shim. ** Changed in: fwupd-signed (Ubuntu Focal) Status: Fix Committed => Fix Released ** Tags removed: verification-needed-bionic ** Tags added: verification-failed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
per check fwupd-signed in the bionic-proposed channel, it does not have sbat section. if we do want to support secure boot on bionic, we need the refine the debian/rules and rolling the deb again. Are we going to do that? If yes, you can ping me to work the debdiff. If not, you also can ping me and I can do the verification for it. # objdump -h /usr/lib/fwupd/efi/fwupdx64.efi.signed /usr/lib/fwupd/efi/fwupdx64.efi.signed: file format pei-x86-64 Sections: Idx Name Size VMA LMA File off Algn 0 .text 7a30 4000 4000 0400 2**4 CONTENTS, ALLOC, LOAD, READONLY, CODE 1 .reloc000a c000 c000 8000 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 2 .data 2ea8 d000 d000 8200 2**5 CONTENTS, ALLOC, LOAD, DATA 3 .dynamic 0150 0001 0001 b200 2**3 CONTENTS, ALLOC, LOAD, DATA 4 .rela 0e70 00011000 00011000 b400 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 5 .rela.plt 0018 00011e70 00011e70 c470 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 6 .dynsym 0270 00012000 00012000 c800 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Hello Mario, or anyone else affected, Accepted fwupd-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd- signed/1.10~ubuntu18.04.5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: fwupd-signed (Ubuntu Bionic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Hello Mario, or anyone else affected, Accepted fwupd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.2.14-0~18.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: fwupd (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags removed: verification-done ** Tags added: verification-needed verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
This bug was fixed in the package fwupd - 1.5.11-0ubuntu1~20.04.2 --- fwupd (1.5.11-0ubuntu1~20.04.2) focal; urgency=medium * force to use libjcat >= 0.1.3, or signature verification will failed. fwupd (1.5.11-0ubuntu1~20.04.1) focal; urgency=medium * New upstream version (1.5.11) to support Dell dock USB4 module. (LP: #1934209) * Drop all patches upstream. * Downgrade libgusb from 0.3.5 to 0.3.4 which used in focal after checking through all commits between. fwupd (1.5.8-0ubuntu1) hirsute; urgency=medium * New upstream version (1.5.8) * Backport a patch to fix SBAT (LP: #1921539) * Drop all other patches, upstream. fwupd (1.5.7-3) unstable; urgency=medium * Backport a patch to fix regression in fwupdtool activate * Backport a patch to fix activatable devices getting stuck in an update loop * Rebuild to pick up new signing keys. fwupd (1.5.7-2) unstable; urgency=medium * Backport a patch to fix FTBFS on armhf for SBAT fwupd (1.5.7-1) unstable; urgency=medium * New upstream version (1.5.7) - Fixes issues with SBAT on UEFI. * Fixes dependencies for -dev packages: Closes: #980691, #980684 fwupd (1.5.6-1) unstable; urgency=medium [ Steve McIntyre ] * Fix up Uploaders for the -signed packages - remove Jared, add Matthias [ Mario Limonciello ] * New upstream version (1.5.6) * drop all upstream patches fwupd (1.5.5-2) unstable; urgency=medium * fwupd.postinst: Adjust to read /etc/os-release instead of `/etc/lsb- release` fwupd (1.5.5-1) unstable; urgency=medium * New upstream version (1.5.5) * trivial: debian: migrate uefi->uefi_capsule in uefi.conf * trivial: debian: fix modules-load.d directory * trivial: debian: add dbus to recommends (Closes: #980049) * Backport 2 patches for continual "Unknown" message on new connections * trivial: debian: read /etc/lsb-release instead of dpkg-dev (Closes: #977860, #977861, #970783) fwupd (1.5.3-2) unstable; urgency=medium * trivial: debian: only install fwupd-msr.conf if needed fwupd (1.5.3-1) unstable; urgency=medium * New upstream version (1.5.3) * Drop all patches (upstream) * Follow defaults for nvme and redfish plugins (don't need efivar now) * debian/control: - Drop libsoup build dependency - Add libcurl build dependency - Add systemd build dependency * Migrate debian/fwupd.preinst content to debian/fwupd.maintscript fwupd (1.5.1-5) unstable; urgency=medium * Backport patch to fix ppc64el autopkgtest failure fwupd (1.5.1-4) unstable; urgency=medium * trivial: debian: disable downloading from LVFS in autopkgtest fwupd (1.5.1-3) unstable; urgency=medium * Add breaks for fwupdate 12-7 (Closes: #960688) * trivial: debian: add git to fwupdate-tests dependencies fwupd (1.5.1-2) unstable; urgency=medium [ Mario Limonciello ] * Backport a patch to indicate if packages are supported or not * backport a patch to fix autopkgtests on ppc64el * trivial: debian: don't hardcode paths in libexec * trivial: debian: disable msr plugin on all !x86 [ Jessica Clarke ] * debian: Check DEB_HOST_ARCH_CPU not DEB_HOST_ARCH for MSR plugin * debian: Prefer Makefile substitution over shell substitution * debian: Use if/else rather than overriding default values * debian: Drop pointless dh_shlibdeps override * debian: Check for valgrind in Makefile not shell and don't hard-code path * debian: Fix dangerous lack of set -e * debian: Fix another instance of unusual ifeq syntax * debian: Build up CONFARGS list rather than individual variables * debian: Fix another dangerous missing set -e * debian: Use uniform spacing around semicolons * debian: Avoid looking like a set -e is missing * debian: Remove unnecessary ./ use * debian: Add quotes around glob fwupd (1.5.1-1) unstable; urgency=medium * New upstream version (1.5.1) * Drop backported patches fwupd (1.4.6-2) unstable; urgency=medium * Add udisks2 to recommends * Backport a patch to fix a crash when udisks2 is missing (Closes: #970054) * Disable flashrom for ia64 fwupd (1.4.6-1) unstable; urgency=medium * New upstream version (1.4.6) fwupd (1.4.5-1) unstable; urgency=medium * New upstream version (1.4.5) * Drop flashrom patch, now upstream * Regenerate control file - Refresh dependencies for 1.4.x - Drop Jared as uploader fwupd (1.3.11-2) unstable; urgency=medium * Stop generating debian/control automatically at build time * Add build-dep on libflashrom-dev -- Yuan-Chen Cheng Fri, 23 Jul 2021 15:14:53 +0800 ** Changed in: fwupd (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list
[Bug 1921539] Re: Add support for SBAT
** Changed in: fwupd-signed (Ubuntu Focal) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
According to bug 1934209: Verification passed on Focal Secure boot on shim-signed: 1.40.6+15.4-0ubuntu7 (proposed channel, sbat applied) fwupd: 1.5.11-0ubuntu1~20.04.2 (propsoed channel, sbat applied) ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
** Changed in: oem-priority Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Hello Mario, or anyone else affected, Accepted fwupd into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.5.11-0ubuntu1~20.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: fwupd (Ubuntu Focal) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
I think we can re-use the fwupd-sign that Mario uploaded, since the version number is not changed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
follow up #29, per the built un-signed fwupdx64.efi, it does have the sbat section. $ objdump -h ./fwupdx64.efi ./fwupdx64.efi: file format pei-x86-64 Sections: Idx Name Size VMA LMA File off Algn 0 .text 7a2b 4000 4000 0400 2**4 CONTENTS, ALLOC, LOAD, READONLY, CODE 1 .reloc000a c000 c000 8000 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 2 .data 2ea8 d000 d000 8200 2**5 CONTENTS, ALLOC, LOAD, DATA 3 .sbat 00ec 0001 0001 b200 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 4 .dynamic 0150 00011000 00011000 b400 2**3 CONTENTS, ALLOC, LOAD, DATA 5 .rela 0e70 00012000 00012000 b600 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 6 .rela.plt 0018 00012e70 00012e70 c670 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 7 .dynsym 0288 00013000 00013000 ca00 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
the one mario uploaded to bionic queue missing the debian/rules change. I put one with those change in https://launchpad.net/~ycheng- twn/+archive/ubuntu/fwupd-bionic-sbat-1 per quick check, the major diff from current one in debian buster are the two arm patch: 0010-uefi-capsule-Sync-linker-scripts-with-latest-used-by.patch 0011-uefi-capsule-Include-crt0-for-arm-and-aarch64-that-a.patch juliank think we don't need those, so I didn't include them. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
This bug was fixed in the package fwupd-signed - 1.30.1 --- fwupd-signed (1.30.1) groovy; urgency=medium * Build depend on fwupd 1.4.7-0~20.10.1 - LP: #1921544 - LP: #1921539 - LP: #1909734 - LP: #1886912 - LP: #1900935 -- Mario Limonciello Fri, 26 Mar 2021 14:04:01 -0500 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
This bug was fixed in the package fwupd - 1.4.7-0~20.10.1 --- fwupd (1.4.7-0~20.10.1) groovy; urgency=medium * new upstream version (1.4.7) * Bug fixes: - Check returned volumes before accessing them - Correct a Thunderbolt assertion if kernel failed FW read - Do not dedupe NVMe devices - Do not match all HIDRAW\VEN_06CB devices - Don't allow device updates while needing activation - Fix adding multiple flags to devices - Fix critical warning regression with 'fwupdate -a' - Fix probe warning for the Logitech Unifying device - Fix the quirk key name for the Lenovo HDMI with power - Make TPM more optional - Make udisks2 errors more apparent - Only set the version format for ESRT entries - Remove the Hughski public key - Restore recognizing gpg and pkcs7 types still - Wait a few ms for the Logitech hardware to settle after detach * New features - Add support for SBAT. (LP: #1921539) - Adds support for Synaptics fingerprinter reader (LP:# 1900935) * Fixes TPM PCR0 reading failures if all characters are 0. (LP: #1909734) * Fixes Synaptics RMI probe causing touchscreen failures (LP: #1886912) * Backport a patch from upstream 1_4_X branch to fix SBAT character. * Backport a patch from upstream 1_4_X branch to fix vendor-id requirement error on Dell WD19 (LP: #1921544) -- Mario Limonciello Fri, 26 Mar 2021 13:45:02 -0500 ** Changed in: fwupd (Ubuntu Groovy) Status: Fix Committed => Fix Released ** Changed in: fwupd-signed (Ubuntu Groovy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Per #23, change to verified done in groovy. ** Tags removed: verification-needed-groovy ** Tags added: verification-done-groovy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Per #23, create another bug for groovy sbat SRU in lp:1926011 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
$ wget http://archive.ubuntu.com/ubuntu/dists/groovy-proposed/main/uefi /fwupd-amd64/1.4.7-0~20.10.1/fwupdx64.efi.signed $ md5sum fwupdx64.efi.signed e3a387f8f87852e670d105145cb96168 fwupdx64.efi.signed $ objdump -h ./fwupdx64.efi.signed ./fwupdx64.efi.signed: file format pei-x86-64 Sections: Idx Name Size VMA LMA File off Algn 0 .text 75c0 4000 4000 0400 2**4 CONTENTS, ALLOC, LOAD, READONLY, CODE 1 .reloc000a c000 c000 7a00 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 2 .data 2d68 d000 d000 7c00 2**5 CONTENTS, ALLOC, LOAD, DATA 3 .dynamic 0150 0001 0001 aa00 2**3 CONTENTS, ALLOC, LOAD, DATA 4 .rela 0e70 00011000 00011000 ac00 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 5 .rela.plt 0018 00011e70 00011e70 bc70 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 6 .dynsym 0270 00012000 00012000 c000 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA The binary clearly does not have .sbat section, thus it will not be trusted or booted by new shim in hirsute. fwupd in hirsute does have .sbat section. This SRU claims to add .sbat for the first time in groovy, but actually does not. So it is ok to release this SRU in groovy, but we need a follow up SRU to add sbat section for real. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
today I use the same machine, install debian 10.9 in text mode, and install fwupd / fwupd-signed: 1.2.13-3+deb10u2 existing shim-signed: 1.33+15+1533136590.3beb971-7 I found I also need to install policykit-1. Then I did the same test with secure boot on. The test is passed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
@xnox was there some sort of signing rotation or anything? could fwupdx64.efi in groovy have gotten signed prematurely to said rotation? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
@mario, I turn secure boot on, and boot into OS, then run the fwupdmgr install command, then reboot, then I saw the failure. One more thing, for new shim + groovy grub, I found the same failure happens if I use groovy/grub 1.155+2.04-1ubuntu35 as boot into OS (so I can't boot into OS with this grub), however if I use groovy/grub 1.167+2.04-1ubuntu44 from the update channel, then I can boot into OS. Feel free to ask questions if anyone wants to reproduce and doesn't know certain steps in detail, or you want to know my steps in more detail as reviewing. A full running session is here: root@u-Latitude-5300:~# sh run.sh ; exit + dpkg -l + grep shim ii shim 15.4-0ubuntu1 amd64boot loader to chain-load signed boot loaders under Secure Boot ii shim-signed1.46+15.4-0ubuntu1 amd64Secure Boot chain-loading bootloader (Microsoft-signed binary) + + grep fwupd echo please run reboot 1.4.7-0~20.10.1 amd64Firmware update daemon ii fwupd-signed 1.30.1+1.4.7-0~20.10.1 amd64Linux Firmware Updater EFI signed binary ii libfwupd2:amd641.4.7-0~20.10.1 amd64Firmware update daemon library ii libfwupdplugin1:amd64 1.4.7-0~20.10.1 amd64Firmware update daemon plugin library + fwupdmgr install 9da74134678173a97e2d3eb4a79f0beba0e43e85155777e040396bad6b70d0b4-firmware.cab --allow-reinstall Decompressing… [***] Authenticating… [***] Installing on System Firmware…/ ] Scheduling… [***] Successfully installed firmware An update requires a reboot to complete. Restart now? [y|N]: n + md5sum /usr/libexec/fwupd/efi/fwupdx64.efi.signed /boot/efi/EFI/ubuntu/fwupdx64.efi e3a387f8f87852e670d105145cb96168 /usr/libexec/fwupd/efi/fwupdx64.efi.signed e3a387f8f87852e670d105145cb96168 /boot/efi/EFI/ubuntu/fwupdx64.efi + mokutil --sb SecureBoot enabled + echo please run reboot please run reboot -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
@ycheng-twn: In your groovy tests from one run to another was secure boot on from the moment you initiated the FW update? Or did you just turn it on after the reboot and pick "Linux Firmware Updater" entry? I ask because fwupd will examine the state of secure boot at the time the update is attempted from in Ubuntu. If it's off, the non-signed UEFI binary is placed on the ESP. If it's on at that time, the signed binary is placed on the ESP. If you subverted the flow by changing secure boot "in-between" that could be the reason for the failure with SB on. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Test passed on hirsute. I use the same machine, install hirsute, apt upgrade everything, and confirm it have update shim and fwupd. Then turn on secure boot and do the same test, I found fwupd does upgrade bios fw as secure boot is on, so it's test passed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
I'll try to test hirsute as I got the chance to. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
@mario, the "newer shim from hirsute" + the existing grub on groovy with secure boot on boot into OS as expected. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
@ycheng-twn securution/foundations would like to recheck fwupd.efi binaries. we will not release new shim to groovy, until we know that fwupd.efi is compatible. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
does the newer shim + grub work? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Bios 1.10.4 is not the most updated version on lvfs. However I think the new mechanism need to also work on old bios version. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
I did the following test, the result is failed. Machine: Dell Latitude 5300 BIOS: 1.10.4 Test case: download 1.10.4 bios cab from lfvs, and reinstall the bios using fwupd with the command "fwupdmgr install .cab --allow-reinstall" Pass means: we can run BIOS re-install. Failed means: we can't run BIOS re-install and we will see the error message on the screen. The error message is shown on the monitor in text with blue background. shim and shim-signed 15.4-0-ubuntu1 + fwupd and fwupd-signed 1.4.5-1 secure boot off: Pass shim and shim-singed 15.4-0-ubuntu1 + fwupd and fwupd-signed 1.4.5-1 secure boot on, failed msg: Verification failed: (0x1A) Security Violation shim and shim-signed 15.4-0-ubuntu1 + fwupd and fwupd-signed 1.4.7-0~20.10.1 secure boot on, failed msg: Verification failed: (0x1A) Security Violation The following pkg were install to do above test. fwupd_1.4.7-0~20.10.1_amd64.deb fwupd-signed_1.30.1+1.4.7-0~20.10.1_amd64.deb libfwupd2_1.4.7-0~20.10.1_amd64.deb libfwupdplugin1_1.4.7-0~20.10.1_amd64.deb Is the test procedure wrong or need to install something else? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
@xnox Can you propose this idea to upstream fwupd? Unlike GRUB there is a stronger ABI between the EFI application and userspace. So I think it would be better to make it an upstream decision and then mirror it in Ubuntu rather than Ubuntu having to chase the potential for an ABI disaster if fwupd userspace starts to change in the future. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
RE: [Bug 1921539] Re: Add support for SBAT
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
New shim is available in hirsute-proposed now, and I guess since this is now available in groovy-proposed, we can copy shim into groovy-proposed to complete end to end testing with the new shim. ** Changed in: fwupd-signed (Ubuntu Hirsute) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Ideally I would want us to split fwupd into fwupd-unsigned & fwupd- unsigned, like we did with grub. That way * fwupd will drop shipping .efi binaries * fwupd-unsigned will only build and submit .efi binary for signing * fwupd-signed will ship signed .efi binary with fwupd-unsigned & fwupd-signed binary copied to all distributions, with relaxed dependencies to not depend on a strict version of fwupd userspace things. Such that all releases share the very same build of fwupd.efi, just like all releases share the shim.efi and grub.efi nowadays. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
given shim with sbat feature still not release (lp:1921134), this is more a pre-landing so that we can test as shim+sbat is there. Give so, as long as there are not other regression, I plan to tag verification-done-groovy soon. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Hello Mario, or anyone else affected, Accepted fwupd into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.4.7-0~20.10.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-groovy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: fwupd (Ubuntu Groovy) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-groovy ** Changed in: fwupd-signed (Ubuntu Groovy) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
This bug was fixed in the package fwupd - 1.5.8-0ubuntu1 --- fwupd (1.5.8-0ubuntu1) hirsute; urgency=medium * New upstream version (1.5.8) * Backport a patch to fix SBAT (LP: #1921539) * Drop all other patches, upstream. -- Mario Limonciello Fri, 26 Mar 2021 14:07:35 -0500 ** Changed in: fwupd (Ubuntu Hirsute) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
Hirsute/fwupd with sbat patch now in proposed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
** Tags added: sbat -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
** Changed in: oem-priority Importance: Undecided => High ** Changed in: oem-priority Status: New => Confirmed ** Tags added: fwupd -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
for focal, SRU to version 1.4.7 and add SBAT patch is tracked in lp:1920723 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
** Also affects: oem-priority Importance: Undecided Status: New ** Changed in: oem-priority Assignee: (unassigned) => Yuan-Chen Cheng (ycheng-twn) ** Tags added: oem-priority -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
** Changed in: fwupd (Ubuntu Focal) Status: New => In Progress ** Changed in: fwupd (Ubuntu Groovy) Status: New => In Progress ** Changed in: fwupd (Ubuntu Hirsute) Status: New => In Progress ** Changed in: fwupd-signed (Ubuntu Bionic) Status: New => In Progress ** Changed in: fwupd-signed (Ubuntu Focal) Status: New => In Progress ** Changed in: fwupd-signed (Ubuntu Groovy) Status: New => In Progress ** Changed in: fwupd-signed (Ubuntu Hirsute) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
** Changed in: fwupd (Ubuntu Bionic) Status: New => In Progress ** Changed in: fwupd (Ubuntu Bionic) Assignee: (unassigned) => Mario Limonciello (superm1) ** Changed in: fwupd-signed (Ubuntu Bionic) Assignee: (unassigned) => Mario Limonciello (superm1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921539] Re: Add support for SBAT
All releases need to be updated including Hirsute. Hirsute has fwupd 1.5.7 which contains sbat support, but had a mistake with the wrong character ('.' vs '-'). See https://github.com/fwupd/fwupd/pull/3070 for more context. ** Also affects: fwupd-signed (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921539 Title: Add support for SBAT To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1921539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs