This bug was fixed in the package shim-signed - 1.32~14.04.2 --------------- shim-signed (1.32~14.04.2) trusty; urgency=medium
* Backport shim-signed 1.32 to 14.04. (LP: #1700170) shim-signed (1.32) artful; urgency=medium * Handle cleanup of /var/lib/shim-signed on package purge. shim-signed (1.31) artful; urgency=medium * Fix regression in postinst when /var/lib/dkms does not exist. (LP #1700195) * Sort the list of dkms modules when recording. shim-signed (1.30) artful; urgency=medium * update-secureboot-policy: track the installed DKMS modules so we can skip failing unattended upgrades if they hasn't changed (ie. if no new DKMS modules have been installed, just honour the user's previous decision to not disable shim validation). (LP: #1695578) * update-secureboot-policy: allow re-enabling shim validation when no DKMS packages are installed. (LP: #1673904) * debian/source_shim-signed.py: add the textual representation of SecureBoot and MokSBStateRT EFI variables rather than just adding the files directly; also, make sure we include the relevant EFI bits from kernel log. (LP: #1680279) shim-signed (1.29) artful; urgency=medium * Makefile: Generate BOOT$arch.CSV, for use with fallback. * debian/rules: make sure we can do per-arch EFI files. shim-signed (1.28) zesty; urgency=medium * Adjust apport hook to include key files that tell us about the system's current SB state. LP: #1680279. shim-signed (1.27) zesty; urgency=medium [ Steve Langasek ] * Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 binary from Microsoft. * update-secureboot-policy: - detect when we have no debconf prompting and error out instead of ending up in an infinite loop. LP: #1673817. - refactor to make the code easier to follow. - remove a confusing boolean that would always re-prompt on a request to --enable, but not on a request to --disable. [ Mathieu Trudel-Lapierre ] * update-secureboot-policy: - some more fixes to properly handle non-interactive mode. (LP: #1673817) shim-signed (1.23) zesty; urgency=medium * debian/control: bump the Depends on grub2-common since that's needed to install with the new updated EFI binaries filenames. shim-signed (1.22) yakkety; urgency=medium * Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 binary from Microsoft. * Update paths now that the shim binary has been renamed to include the target architecture. * debian/shim-signed.postinst: clean up old MokManager.efi from EFI/ubuntu; since it's being replaced by mm$arch.efi. shim-signed (1.21.3) vivid; urgency=medium * No-change rebuild for shim 0.9+1465500757.14a5905.is.0.8-0ubuntu3. shim-signed (1.21.2) vivid; urgency=medium * Revert to signed shim from 0.8-0ubuntu2. - shim.efi.signed originally built from shim 0.8-0ubuntu2 in wily. shim-signed (1.20) yakkety; urgency=medium * Update to the signed 0.9+1465500757.14a5905-0ubuntu1 binary from Microsoft. (LP: #1581299) -- Mathieu Trudel-Lapierre <cypher...@ubuntu.com> Mon, 10 Jul 2017 20:29:28 -0400 ** Changed in: shim-signed (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1673817 Title: update-secure-boot-policy behaving badly with unattended-upgrades To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673817/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs