The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release
** Changed in: shim (Ubuntu Precise)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs
The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release
** Changed in: dkms (Ubuntu Precise)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs
The update of shim, grub, mokutil and others to use signed kernels and
modules are mostly done; one further step that needs to happen is to
have grub enforce that kernels are properly signed, and refuse to load
unsigned kernels (rather than falling back from the linuxefi module
which checks signatu
This bug was fixed in the package shim-signed - 1.18~12.04.1
---
shim-signed (1.18~12.04.1) precise; urgency=medium
* update-secureboot-policy: If /proc/sys/kernel/moksbstate_disabled is
present, prefer this unconditionally over MokSBStateRT. LP: #1604873.
-- Steve Langasek
Verification-successful for shim-signed on precise --- all that is
required is there: the update-secureboot-policy script does what it
should and is run as expected.
However, it looks like MokManager.efi (which isn't something coming from
shim-signed) isn't installed on the system under /boot/efi/
** Changed in: efivar (Ubuntu Trusty)
Status: Fix Released => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title:
[SRU] Enforce using signed kernels and modules o
efivar for trusty ended up not being needed.
** Changed in: efivar (Ubuntu Trusty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title
This bug was fixed in the package grub2-signed - 1.66.1
---
grub2-signed (1.66.1) xenial; urgency=medium
* Rebuild against grub2 2.02~beta2-36ubuntu3.1. (LP: #1574727)
-- Mathieu Trudel-Lapierre Thu, 12 May 2016
09:46:16 -0400
--
You received this bug notification because you
This bug was fixed in the package grub2 - 2.02~beta2-36ubuntu3.1
---
grub2 (2.02~beta2-36ubuntu3.1) xenial; urgency=medium
* debian/postinst.in: replace setup_mok_validation with a call to
update-secureboot-policy, a script shipped by shim-signed.
(LP: #1574727)
* debian/c
This bug was fixed in the package shim-signed - 1.17~16.04.1
---
shim-signed (1.17~16.04.1) xenial; urgency=medium
* Backport shim-signed 1.17 to 16.04. (LP: #1574727)
-- Mathieu Trudel-Lapierre Thu, 07 Jul 2016
20:17:24 -0400
--
You received this bug notification because you
This bug was fixed in the package dkms - 2.2.0.3-2ubuntu6.2
---
dkms (2.2.0.3-2ubuntu6.2) wily; urgency=medium
* debian/patches/shim_secureboot_support.patch: use update-secureboot-policy,
which has the benefit of being handled via triggers, to allow users to
toggle validati
This bug was fixed in the package shim-signed - 1.17~15.10.1
---
shim-signed (1.17~15.10.1) wily; urgency=medium
* Backport shim-signed 1.17 to 15.10. (LP: #1574727)
-- Mathieu Trudel-Lapierre Thu, 07 Jul 2016
20:17:24 -0400
** Changed in: shim-signed (Ubuntu Xenial)
Sta
This bug was fixed in the package mokutil - 0.3.0-0ubuntu3~15.10.1
---
mokutil (0.3.0-0ubuntu3~15.10.1) wily; urgency=medium
* Backport mokutil to wily. (LP: #1574727)
-- Mathieu Trudel-Lapierre Tue, 26 Apr 2016
11:04:30 -0400
** Changed in: dkms (Ubuntu Wily)
Status: Fi
This bug was fixed in the package dkms - 2.2.0.3-1.1ubuntu5.14.04.6
---
dkms (2.2.0.3-1.1ubuntu5.14.04.6) trusty; urgency=medium
* debian/patches/shim_secureboot_support.patch: use update-secureboot-policy,
which has the benefit of being handled via triggers, to allow users to
This bug was fixed in the package shim-signed - 1.17~14.04.1
---
shim-signed (1.17~14.04.1) trusty; urgency=medium
* Backport shim-signed 1.17 to 14.04. (LP: #1574727)
-- Mathieu Trudel-Lapierre Thu, 07 Jul 2016
20:17:24 -0400
** Changed in: mokutil (Ubuntu Wily)
Status:
This bug was fixed in the package mokutil - 0.3.0-0ubuntu3~14.04.1
---
mokutil (0.3.0-0ubuntu3~14.04.1) trusty; urgency=medium
* Backport mokutil to trusty. (LP: #1574727)
-- Mathieu Trudel-Lapierre Tue, 26 Apr 2016
10:59:59 -0400
** Changed in: mokutil (Ubuntu Trusty)
S
Verification done for XENIAL: grub2-signed, dkms, shim-signed all found
to be working as expected. Test cases pass. As previously discussed, the
grub2-signed update is not especially useful in itself and does need to
drop the calls to mokutil, but will need a further SRU to remove calling
update-se
Verification-done for TRUSTY: efivar, mokutil, dkms, shim-signed all
found to be working at expected. Test cases pass.
** Tags added: verification-done-trusty
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.la
Verification-done for WILY: mokutil, dkms, shim-signed all found to be
working as expected. Test cases pass.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title:
[SRU] Enforce us
Hello Mathieu, or anyone else affected,
Accepted shim-signed into xenial-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/shim-
signed/1.17~16.04.1 in a few hours, and then in the -proposed
repository.
Please help us by testing this new package. See
h
There are about 10 packages being SRUed here, and no information given
in the preceding tag change about what testing has been done. So I have
my doubts that this tag really means all the SRUs have been verified for
all releases :) Resetting.
** Tags removed: verification-done
** Tags added: ver
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title:
[SRU] Enforce using signed kernels and modules on UEFI
** Tags removed: verification-done-precise
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title:
[SRU] Enforce using signed kernels and modules on UEFI
Status in dkms package in
This bug was fixed in the package efivar - 0.21-1~12.04.1
---
efivar (0.21-1~12.04.1) precise; urgency=medium
* Backport efivar to 12.04; to support mokutil. (LP: #1574727)
- debian/patches/port-nvme-support.patch: define the NVME ID IOCTL (only
required to successfully bu
This bug was fixed in the package mokutil - 0.3.0-0ubuntu3~12.04.1
---
mokutil (0.3.0-0ubuntu3~12.04.1) precise; urgency=medium
* Backport to precise: (LP: #1574727)
- debian/patches/precise-gcc-options.patch: drop to building against the
gnu99 standard, rather than gnu11.
** Tags removed: verification-failed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title:
[SRU] Enforce using signed kernels and modules on UEFI
Status in dkms package in Ubuntu
Hello Mathieu, or anyone else affected,
Accepted shim-signed into xenial-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/shim-
signed/1.16~16.04.1 in a few hours, and then in the -proposed
repository.
Please help us by testing this new package. See
h
** Changed in: grub2-signed (Ubuntu Precise)
Status: New => Invalid
** Changed in: grub2 (Ubuntu Precise)
Status: New => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs
** Changed in: grub2-signed (Ubuntu Trusty)
Status: Fix Committed => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title:
[SRU] Enforce using signed kernels and mo
xenial still needs an SRU to drop the previous setup_mok_validation code
(but not add update-secureboot-policy).
** Changed in: grub2-signed (Ubuntu Xenial)
Status: Fix Committed => In Progress
** Changed in: grub2 (Ubuntu Wily)
Status: New => Invalid
** Changed in: grub2 (Ubuntu X
Having reviewed and discussed the changes to grub in the SRU queue, I
have concluded that the grub2 SRU is both insufficient (because upgrade
ordering does not ensure that the update-secureboot-policy command is
available when grub is upgraded) and unnecessary (because shim-signed
should apply the
Hello Mathieu, or anyone else affected,
Accepted grub2 into trusty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-9ubuntu1.10 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
http
Hello Mathieu, or anyone else affected,
Accepted grub2-signed into trusty-proposed. The package will build now
and be available at
https://launchpad.net/ubuntu/+source/grub2-signed/1.34.11 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https
Hello Mathieu, or anyone else affected,
Accepted shim-signed into trusty-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/shim-
signed/1.15~14.04.1 in a few hours, and then in the -proposed
repository.
Please help us by testing this new package. See
h
Hello Mathieu, or anyone else affected,
Accepted shim-signed into wily-proposed. The package will build now and
be available at https://launchpad.net/ubuntu/+source/shim-
signed/1.15~15.10.1 in a few hours, and then in the -proposed
repository.
Please help us by testing this new package. See
htt
** Description changed:
[Rationale]
Secure Boot is good. We want to be able to validate that as much as possible
of the boot process happens with signed binaries; from our shim (the part that
is loaded by the EFI firmware itself), down to grub2, the kernel, and even
loaded modules.
[Im
precise:
- verified efivar & sbsigntool
- verified mokutil
Verification passes for these SRUs.
** Tags added: verification-done-precise
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/15747
** Changed in: shim-signed (Ubuntu Wily)
Status: New => In Progress
** Changed in: shim-signed (Ubuntu Trusty)
Status: New => In Progress
** Changed in: shim-signed (Ubuntu Precise)
Status: New => In Progress
--
You received this bug notification because you are a member of
Meh, I meant to release grub2{,-signed} for trusty, fat-fingered this. I
removed the copy into -updates, as this is premature.
** Changed in: grub2 (Ubuntu Xenial)
Status: Fix Released => Fix Committed
** Changed in: grub2-signed (Ubuntu Xenial)
Status: Fix Released => Fix Committed
This bug was fixed in the package grub2-signed - 1.66.1
---
grub2-signed (1.66.1) xenial; urgency=medium
* Rebuild against grub2 2.02~beta2-36ubuntu3.1. (LP: #1574727)
-- Mathieu Trudel-Lapierre Thu, 12 May 2016
09:46:16 -0400
--
You received this bug notification because you
This bug was fixed in the package grub2 - 2.02~beta2-36ubuntu3.1
---
grub2 (2.02~beta2-36ubuntu3.1) xenial; urgency=medium
* debian/postinst.in: replace setup_mok_validation with a call to
update-secureboot-policy, a script shipped by shim-signed.
(LP: #1574727)
* debian/c
Hello Mathieu, or anyone else affected,
Accepted grub2 into xenial-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-36ubuntu3.1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
http
Hello Mathieu, or anyone else affected,
Accepted shim-signed into xenial-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/shim-
signed/1.14~16.04.1 in a few hours, and then in the -proposed
repository.
Please help us by testing this new package. See
h
** Changed in: efivar (Ubuntu Trusty)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title:
[SRU] Enforce using signed kernels and modu
Accepted efivar into precise-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/efivar/0.21-1~12.04.1
in a few hours, and then in the -proposed repository.
** Changed in: efivar (Ubuntu Precise)
Status: New => Fix Committed
--
You received this b
This efibootmgr upload to precise and trusty is not required; it was
only included because of a Breaks: from libefivar0 to older versions of
efibootmgr, but in 14.04 and older, efibootmgr does not depend on
libefivar0 at all so there is no runtime incompatibility.
The efivar in trusty should be ad
New upload required for efivar in trusty, to drop the spurious Breaks:.
** Changed in: efivar (Ubuntu Trusty)
Status: Fix Committed => In Progress
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchp
Accepted mokutil into precise-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/mokutil/0.3.0-0ubuntu3~12.04.1 in a
few hours, and then in the -proposed repository.
** Changed in: mokutil (Ubuntu Precise)
Status: New => Fix Committed
--
You rec
Hello Mathieu, or anyone else affected,
Accepted efibootmgr into precise-proposed. The package will build now
and be available at
https://launchpad.net/ubuntu/+source/efibootmgr/0.12-4ubuntu1~12.04.1 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package.
** Also affects: efibootmgr (Ubuntu)
Importance: Undecided
Status: New
** Changed in: efibootmgr (Ubuntu)
Status: New => Fix Released
** Changed in: efibootmgr (Ubuntu Xenial)
Status: New => Fix Released
** Changed in: efibootmgr (Ubuntu Wily)
Status: New => Fix Re
For completeness the kernel side of this is being tracked under bug
#1566221.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title:
[SRU] Enforce using signed kernels and modules
** Changed in: shim-signed (Ubuntu)
Importance: Undecided => High
** Changed in: shim-signed (Ubuntu)
Status: New => Fix Released
** Changed in: shim-signed (Ubuntu)
Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)
--
You received this bug notification because you ar
** Also affects: shim-signed (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title:
[SRU] Enforce using signed kernels and modu
Hello Mathieu, or anyone else affected,
Accepted mokutil into trusty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/mokutil/0.3.0-0ubuntu3~14.04.1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Changed in: efivar (Ubuntu Trusty)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Title:
[SRU] Enforce using signed kernels and modules on U
** Also affects: efivar (Ubuntu)
Importance: Undecided
Status: New
** Also affects: grub2 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: dkms (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: shim (Ubuntu Precise)
Importance
That should have read, any version of mokutil below 0.3.0-0ubuntu3~ will
not work correctly with lts kernels on the LTS releases.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1574727
Titl
This also needs a mokutil update, as the version in >=14.04 will not
work correctly with *-lts* kernels.
** Also affects: mokutil (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in
58 matches
Mail list logo