Public bug reported: The latest secureboot-db package pulled via an apt-get upgrade installed several DBX entries into my system's secure boot EFI vars without explicit permission.
This system is in setup mode, and it doesn't even have a PK installed. Installing DBX entries should not happen in this case. Especially without explicit consent of the system's owner / administrator. Why is this enabled by default? The ubuntu installer doesn't even have the option for turning it off. (It shouldn't be enabled by default in the first place.) This is a severe trust violation. I would expect ubuntu to do better than randomly install Secure Boot entries as part of system update. (Or should I start disabling the updater dialogs like I did with Windows 7 when MS started pulling crap like this with their update service?) ** Affects: secureboot-db (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1801626 Title: secureboot-db installs new vars without explict owner permission To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/secureboot-db/+bug/1801626/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs