A newer dbx update has been published, thus this version should not go out to
updates & security.
The new update requires SBAT capable shim, which is in progress being rolled
out at the moment.
** Tags removed: verification-needed-bionic verification-needed-focal
verification-needed-xenial
**
** Changed in: secureboot-db (Ubuntu)
Importance: Undecided => Medium
** Changed in: secureboot-db (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: secureboot-db (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: secureboot-db (Ubuntu Bionic)
Importance:
Removed the verification-failed tags so that this bug doesn't show up in
the -proposed cleanup report of packages to remove from -proposed.
** Tags removed: block-proposed-groovy verification-failed-bionic
verification-failed-focal verification-failed-xenial verification-needed
** Tags added:
Based on comment #15, I assume the same deb will be released again to
focal-updates, Ubuntu only roll it back to focal-proposed to provide
Feodra community has more time to address the problem.
If it's an Ubuntu only machines, users are free and allowed to use the
same deb right now.
--
You
** Tags added: block-proposed-focal block-proposed-groovy
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890835
Title:
secureboot-db 2020 update
To manage notifications about this bug go to:
The focal SRU has been rolled back for the time being from focal-updates
to focal-proposed, due to compatibility concerns with current Fedora.
They will be re-released at a later date. For the time being I am
marking verification-failed to block promotion, but this does not mean
they should be
"Yes, ESM will be poked after other series release this."
Dimitri - do we plan to respin trusty media with the upgraded grub?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890835
Title:
This bug was fixed in the package secureboot-db - 1.6~20.04.1
---
secureboot-db (1.6~20.04.1) focal; urgency=medium
* Ship MS 2020 split arch dbx updates. LP: #1890835
* Add arm64 architecture.
* Add breaks on grub-efi-$arch-signed less than security pocket.
-- Dimitri John
Publishing secureboot-db for focal-updates and focal-security. As
discussed, this is fine to go to -security too as it the package is
basically a 'pure data' package.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Slow phasing is merged and deployed now.
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890835
Title:
Booted 20.04.1 ISO, in a 4k ovmf qemu KVM VM with secureboot MS keys and
installed secureboot-db from focal-proposed, checking in journalctl that
dbxupdate from 1.6~20.04.1 got applied.
Shut down the VM.
Attempted to boot 20.04 BETA iso, and it failed to boot with
Verification failed Security
Yes, ESM will be poked after other series release this.
** Tags removed: block-proposed-focal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890835
Title:
secureboot-db 2020 update
To manage
Someone will have to poke the ESM team to take care of trusty.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890835
Title:
secureboot-db 2020 update
To manage notifications about this bug go to:
Hello Dimitri, or anyone else affected,
Accepted secureboot-db into bionic-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/secureboot-
db/1.4.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Hello Dimitri, or anyone else affected,
Accepted secureboot-db into focal-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/secureboot-
db/1.6~20.04.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package.
** Tags added: id-57571331a85e0e034520474d
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890835
Title:
secureboot-db 2020 update
To manage notifications about this bug go to:
Reuploaded with breaks on versions of signed grubs less than those in
the security pocket.
This however may introduce an inverse problem of attempting to either
remove signed grub, or remove secureboot-db, to resolve the conflict if
for some reason users prohibit upgrading the signed grub
Apologies if this is completely not a thing, but I'm a bit worried about
cases where people install the secureboot-db update but still have the
old grub2 installed (as there is no breaks). Will that cause a problem?
Since if I understand it (but I might be wrong), wouldn't they be unable
to boot
** Description changed:
+ NB! do not release this update to -updates, until slow phasing is
+ available, at 4% per day.
+
+ NB! ideally phase one series at the time, to ensure we can deal with a
+ flood of support requests if any arise.
+
[Impact]
* Ship 2020 dbxupdate from MS
** Description changed:
- secureboot-db 2020 update
+ [Impact]
- Expecting long period in -proposed.
+ * Ship 2020 dbxupdate from MS
- Test to ensure certified laptops are not bricked before publishing to
- updates.
+ [Test Case]
- Expecting slow phasing in -updates, at 4% a day, 25
This bug was fixed in the package secureboot-db - 1.6
---
secureboot-db (1.6) groovy; urgency=medium
* Ship MS 2020 split arch dbx updates. LP: #1890835
* Add arm64 architecture.
-- Dimitri John Ledkov Fri, 24 Jul 2020 00:34:57
+0100
** Changed in: secureboot-db (Ubuntu
** Description changed:
secureboot-db 2020 update
Expecting long period in -proposed.
- Expecting slow phasing in -updates.
+ Test to ensure certified laptops are not bricked before publishing to
+ updates.
- One series at the time.
+ Expecting slow phasing in -updates, at 4% a day,
** Description changed:
secureboot-db 2020 update
+
+ Expecting long period in -proposed.
+
+ Expecting slow phasing in -updates.
+
+ One series at the time.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Also affects: secureboot-db (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: secureboot-db (Ubuntu Groovy)
Importance: Undecided
Status: New
** Also affects: secureboot-db (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects:
24 matches
Mail list logo
