Your message dated Wed, 14 Feb 2024 15:06:30 +0000
with message-id <[email protected]>
and subject line Bug#1023491: fixed in edk2 2023.11-7
has caused the Debian Bug report #1023491,
regarding ovmf-ia32 lacks non-secboot firmware images, but qemu does not (yet)
support secboot
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1023491: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023491
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ovmf-ia32
Version: 2020.11-2+deb11u1
Hi,
Recently I wanted to analyze behavior of a 32-bit EFI OS bootfile, and
wanted to setup a KVM with 32 bit UEFI to do this.
However, qemu/kvm apparently does not (yet) support .secboot.fd UEFI
images, but these are the only ones available in ovmf-ia32.
Qemu just hangs on "Gues has not initialized the display (yet)" when
given a secboot image (when specified with -drive if=pflash...), or
fails immediately with "could not load PC BIOS ..." when specified with
-bios (but the latter happens with any 4M firmware image)
Eventually, I got ahead by getting an old RPM from Fedora 30, which does
also contain a non-secboot firmware image. This booted just fine on my
Debian Qemu.
Please bring back non-secboot images, until qemu can support secboot (or
until they supply readily discoverable documentation how to use secboot).
N.B. Non-secboot images are available alright in the 64bit version of
ovmf, but unfortunately I needed an 32bit UEFI for my tests.
Regards,
Alain
--- End Message ---
--- Begin Message ---
Source: edk2
Source-Version: 2023.11-7
Done: dann frazier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
edk2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <[email protected]> (supplier of updated edk2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 14 Feb 2024 07:35:13 -0700
Source: edk2
Architecture: source
Version: 2023.11-7
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: dann frazier <[email protected]>
Closes: 1023491
Changes:
edk2 (2023.11-7) unstable; urgency=medium
.
* ovmf, qemu-efi-*: Stop building Secure Boot code into non-secboot
images so they can include a built-in shell which is unsafe in
Secure Boot mode.
* ovmf-ia32: Add non-secboot image. Thanks to Lionel Debroux.
(Closes: #1023491).
* debian/tests/shell.py: Add tests for ovmf-ia32 non-secboot image.
* qemu-efi-aarch64: Add non-secboot variant. AAVMF_CODE.fd is the
secboot variant, so name it AAVMF_CODE.no-secboot.fd.
* qemu-efi-aarch64: Rename the secboot variant, AAVMF_CODE.fd,
to AAVMF_CODE.secboot.fd and add a compat symlink.
* ovmf, ovmf-ia32, qemu-efi-aarch64: Stop including a built-in shell
in secboot variants, CVE-2023-48733. Thanks to Mate Kukri.
LP: #2040137.
- d/tests: Drop the boot-to-shell tests for images w/ Secure Boot.
- d/tests: Update run_cmd_check_secure_boot() to not expect shell
interaction.
Checksums-Sha1:
a810f66c304dd9e35b04b122eb8ec6b32f4bc2e0 3053 edk2_2023.11-7.dsc
eba6d0bd0ac681707670c4a6c8e2f44482e05d0a 79788 edk2_2023.11-7.debian.tar.xz
028077bd5aa9b2dafbee5b94459681635ce3feed 12018 edk2_2023.11-7_source.buildinfo
Checksums-Sha256:
86e4d80f382b0e9a7ce11636a379dc8d4844828b5b931dac2295a1969b43c9fb 3053
edk2_2023.11-7.dsc
b91506d057612f3ef66e22da087cfa56d0a51aa6a2efc07e04be40999ef61845 79788
edk2_2023.11-7.debian.tar.xz
b4e32648af5261a923877b94f69b28ecff5459d40f775f9aa1fe93ed4ceebcc8 12018
edk2_2023.11-7_source.buildinfo
Files:
a941b895c6af24dec3b684df59972343 3053 misc optional edk2_2023.11-7.dsc
c82e713443e1a3c4eca49a89141a2da8 79788 misc optional
edk2_2023.11-7.debian.tar.xz
c5c43c71232912a6ad1bf43b4376a56e 12018 misc optional
edk2_2023.11-7_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEECfR9vy0y7twkQ+vuG/g8XlT8hkAFAmXM0ikRHGRhbm5mQGRl
Ymlhbi5vcmcACgkQG/g8XlT8hkAUaQ//S7APF8nqZVv8Q5C1KZwIrO8Xq3KP893l
7NjymqJZ6euIdKaXha0a16GST49MkRPnR3WFg2z1JgRf44qBGYz7MS3+D9ZxAGtX
tG1QJrkk9CNbcdxvGTXneCvAU+qI7bXFqhJellQK2OFKB4Hu+SJqCeI7Hd8oyzxo
pnc98SoooEdEc4Wyi8WrwQ7IyxdG9Y/KbDNVRoaohM292pFEAv61fXAi87B788VS
Xfb/NbFrXZaKs/j3wsKs8tNLlncBtGNAXgPqfZlMCvpwQTY0VW+wOUniYm+BGdKI
FLKstD5O4dtBpXpz2rlaSVZ4MY65CPJKNxm8k7T6q+frQWPCTr1wkgYdok7jHfDU
ExPk4oJp4R35M/4HVy5mSrLVRsjPQ2w5xQu4yBp2oBXMPu5Tb29Gs9ITwBitLnP/
IUhWVZeM2WBpIm0pKVvbbPNGQN/u5h/OjmkrpU+sXsYvDbiSt7qd25ceoRPTQpAT
1lr+CBqOT6ixqJHw0w0AF7twwElp9Q6xVIcgQjBVD4spbx5LIwhk2OknQcTwJa8Y
jma1Wp2uN++eDccWUgzcik1NGI87Z0sHvCpH0uiZPH13S9Fv2QEggvLLxEnR5b07
sRkW8WkLWevm7k3hsQZixueEr7OCVbDCv+rnmC3Xhv7KDHa3InBD7esg3ND/pKt9
dVjUtFxr41U=
=nAT+
-----END PGP SIGNATURE-----
pgpIsw0L9zXG9.pgp
Description: PGP signature
--- End Message ---
