$ systemctl cat secureboot-db.service | grep Condition
ConditionPathExists=/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
If db is empty, the var doesn't exist, and secureboot-db.service does
not run.
If db is populated, we populate dbx, to prevent known vulnerable
binaries to be usable on the system.
** Changed in: secureboot-db (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1801626
Title:
secureboot-db installs new vars without explict owner permission
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/secureboot-db/+bug/1801626/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
