If you want this in, then one must adjust secureboot-db package service
unit to ignore the error from sbkeysync, and/or declare the relevant
error codes as normal.
This behaviour has been discussed on the grub_distros keybase channel,
without any objections raised.
And no, seeing that package update / sbkeysync succeeded once is not
good enough, as one has to verify that on every boot, because the dbx
variable store can be reverted/reset between each boot back to stock
defaults. Thus a single success from sbkeysync can only give a false
sense of security.
** Changed in: sbsigntool (Ubuntu Groovy)
Status: Fix Released => Triaged
** Changed in: sbsigntool (Ubuntu Focal)
Status: In Progress => Won't Fix
** Changed in: sbsigntool (Ubuntu Bionic)
Status: New => Won't Fix
https://bugs.launchpad.net/bugs/1892797
Title:
sbkeysync fails to return non-zero on error
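A per-boot check of the kind the comment above calls for, as an added example that is not part of the bug report, sbsigntool or secureboot-db: it parses the dbx variable as exposed by efivarfs and exits non-zero when a required SHA-256 revocation is absent. The file of required digests passed as `argv[1]` and the `_sample_dbx` helper are assumptions made for illustration; the sample blob is constructed.

```python
import struct
import uuid

# EFI_CERT_SHA256_GUID (UEFI specification)
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# dbx under efivarfs, named with EFI_IMAGE_SECURITY_DATABASE_GUID
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"


def dbx_sha256_entries(raw):
    """Return the set of SHA-256 digests (lowercase hex) in an efivarfs dbx blob."""
    data = raw[4:]  # efivarfs prefixes the value with 4 bytes of attributes
    found, off = set(), 0
    while off < len(data):  # walk consecutive EFI_SIGNATURE_LIST structures
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data):
            raise ValueError("EFI_SIGNATURE_LIST size out of bounds")
        body = data[off + 28 + hdr_size:off + list_size]
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            for i in range(0, len(body) - sig_size + 1, sig_size):
                found.add(body[i + 16:i + 48].hex())  # skip 16-byte SignatureOwner
        off += list_size
    return found


def missing_revocations(raw, required):
    """Required digests that the firmware's dbx does not currently contain."""
    return sorted({h.lower() for h in required} - dbx_sha256_entries(raw))


def _sample_dbx(digests):
    """Constructed dbx blob (attributes + one SHA-256 list) for offline testing."""
    body = b"".join(bytes(16) + bytes.fromhex(d) for d in digests)
    esl = EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body
    return struct.pack("<I", 0x27) + esl


if __name__ == "__main__":
    import sys
    # argv[1]: hypothetical file with one required SHA-256 hex digest per line
    with open(sys.argv[1]) as f:
        required = [line.strip() for line in f if line.strip()]
    with open(DBX_PATH, "rb") as f:
        missing = missing_revocations(f.read(), required)
    for digest in missing:
        print("dbx is missing revocation", digest, file=sys.stderr)
    sys.exit(1 if missing else 0)
```

Run from a unit that executes on every boot, the exit status reflects the current contents of the variable store rather than the result of a past update.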