This bug was fixed in the package edk2 - 0~20191122.bd85bf54-2ubuntu2
---------------
edk2 (0~20191122.bd85bf54-2ubuntu2) focal; urgency=medium
* Bring back (and fix) the "ms" option and restore the behavior of the
"secboot" option, which had changed when libvirt moved from built-in
nvram configs to parsing external firmware descriptors. LP: #1864532.
- Reintroduce OVMF_CODE.ms.fd symlink, but now it points to
OVMF_CODE.secboot.fd instead of OVMF_CODE.fd, which enforces SMM.
- Update firmware descriptor JSON files:
+ Update the existing secboot descriptor to use an empty variable
store. This makes it Secure Boot-capable, but with Secure Boot
initially disabled. Note that previously it used a store w/ keys
pre-enrolled, without advertising that feature.
+ Add a new "ms" descriptor which has keys pre-enrolled, has Secure
Boot enabled, and advertises the "enrolled-keys" feature.
+ Provide more details in "description" fields.
- README.Debian: Improve the use-case description for each image.
-- dann frazier <[email protected]> Fri, 03 Apr 2020 07:47:19 -0600
** Changed in: edk2 (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1864532
Title:
Incorrect nvram template for secboot firmware
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1864532/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
