** Changed in: grub2 (Ubuntu Trusty)
Status: Won't Fix => In Progress
** Changed in: grub2-signed (Ubuntu Trusty)
Status: Won't Fix => In Progress
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1696599
Title:
backport/sync UEFI, Secure Boot support
Status in grub2 package in Ubuntu:
Fix Released
Status in grub2-signed package in Ubuntu:
Fix Released
Status in grub2 source package in Trusty:
In Progress
Status in grub2-signed source package in Trusty:
In Progress
Status in grub2 source package in Xenial:
Fix Released
Status in grub2-signed source package in Xenial:
Fix Released
Status in grub2 source package in Yakkety:
Won't Fix
Status in grub2-signed source package in Yakkety:
Won't Fix
Status in grub2 source package in Zesty:
Fix Released
Status in grub2-signed source package in Zesty:
Fix Released
Status in grub2 source package in Artful:
Fix Released
Status in grub2-signed source package in Artful:
Fix Released
Bug description:
[Impact]
Since the implementation of UEFI Secure Boot in Ubuntu, there has been a
large number of changes to the EFI patchset, handled "upstream" at
https://github.com/vathpela/grub2-fedora/tree/sb.
This SRU is handled as a wholesale "sync" with a known set of patches
rather than individual cherry-picks given the high risk in cherry-
picking individual changes; we do not want to risk subtly breaking
Secure Boot support or introducing a security issue due to using
different sets of patches across our currently supported releases.
Using a common set of patches across releases and making sure we're in
sync with "upstream" for that particular section of the grub2 codebase
(specifically, UEFI/SB support is typically outside the GNU GRUB tree)
allows us to make sure UEFI Secure Boot remains supportable and that
potential security issues are easy to fix quickly given the complexity
of the codebase.
This is a complex set of enablement patches; most of them will be
fairly straightforward backports, but there are a few known warts:
* The included patches are based on grub2 2.02~beta3; as such, some
patches require extra backporting effort of other pieces of the loader
code down to releases that do not yet include 2.02~beta3 code.
[Test Case]
The desktop, server, and alternate install images should all boot and install
on an SB-enabled system. I would recommend testing installations from both a CD
and a USB stick. After each installation, validate that Secure Boot is enabled
by checking /sys/firmware/efi/efivars/SecureBoot-*, as well as
/sys/firmware/efi/efivars/Mok* variables (for the cases where shim validation
may be disabled).
Tests should include:
- booting with Secure Boot enabled
- booting with Secure Boot enabled, but shim validation disabled
- booting with Secure Boot disabled, but still in EFI mode
[Regression Potential]
Check that non-SB installations of all these images still work. For this, it
is sufficient to test with either a CD or a USB stick, but not necessarily both.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1696599/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
