Public bug reported:
The latest secureboot-db package pulled via an apt-get upgrade installed
several DBX entries into my system's secure boot EFI vars without
explicit permission.
This system is in setup mode, and it doesn't even have a PK installed.
Installing DBX entries should not happen in this case. Especially
without explicit consent of the system's owner / administrator. Why is
this enabled by default? The ubuntu installer doesn't even have the
option for turning it off. (It shouldn't be enabled by default in the
first place.)
This is a severe trust violation. I would expect ubuntu to do better
than randomly install Secure Boot entries as part of system update. (Or
should I start disabling the updater dialogs like I did with Windows 7
when MS started pulling crap like this with their update service?)
** Affects: secureboot-db (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1801626
Title:
secureboot-db installs new vars without explict owner permission
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/secureboot-db/+bug/1801626/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
