This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
focal' to 'verification-done-focal'. If the problem still exists, change
the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-focal

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1884159

Title:
  Update lockdown patches

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-oem-osp1 package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Bionic:
  Fix Committed
Status in linux-oem-osp1 source package in Bionic:
  Fix Committed
Status in linux source package in Eoan:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed

Bug description:
  Impact: The lockdown patches have evolved over time, and part of this
  was restricting more areas of the kernel. Not all of these additions
  were backported, and some can lead to lockdown bypasses, see [1] and
  [2].

  Fix: Backport newer lockdown restrictions to older releases.

  Test Case: Test cases for most of the backports can be found at [3],
  and [4] is another test case. Some which need e.g. specific hardware
  to test have not been tested.

  Regression Potential: Most of these are small, simple fixes with low
  potential for regression. Users may also lose access to some
  functionality previously accessible under secure boot. Some changes
  are more substantial, especially the hw_param and debugfs changes for
  xenial, but they are based on well-tested upstream code. The xmon
  backports also carry a more moderate risk of regression.

  [1] https://lists.ubuntu.com/archives/kernel-team/2020-June/111050.html
  [2] https://lore.kernel.org/lkml/20200615104332.901519-1-ja...@zx2c4.com/
  [3] https://git.launchpad.net/~sforshee/+git/lockdown-tests
  [4] https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1884159/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
