I've updated the description to make the rationale clearer. This is a
general backport of the patchset coming from "upstream" (in this case,
being the "UEFI community" instead of GNU GRUB, and personified in this
git tree from Fedora), which includes changes such as:

 - general cleanup and fixes (memory usage, etc.)
 - load ARM with SB enabled
 - fixing a race in EFI validation (verifying Secure Boot signature for a
   kernel)
 - allow chainloading including the device part of the EFI boot path
   (chainloading across drives, for example)
 - honour Secure Boot in the chainloader (verify via Shim, not just EFI Boot
   Services)
 - avoid loading modules not permissible in Secure Boot
 - fixes for PE section alignment (mostly related to chainloading the Windows
   bootloader)
 - properly handle Secure Boot state when loading images (behaving correctly
   when Secure Boot validation in shim is disabled; correctly interpreting the
   result of shim's Secure Boot validation failing in the cases where SB is
   disabled in firmware vs. when it is disabled in shim or when not booting
   through shim)

-- 
https://bugs.launchpad.net/bugs/1696599

Title:
  backport/sync UEFI, Secure Boot support
