[MIR] secureboot-db
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
grub2-signed (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned | ||
Quantal |
Fix Released
|
Undecided
|
Unassigned | ||
Raring |
Fix Released
|
Undecided
|
Unassigned | ||
secureboot-db (Ubuntu) |
Fix Released
|
Undecided
|
Adam Conrad | ||
Precise |
Fix Released
|
Undecided
|
Adam Conrad | ||
Quantal |
Fix Released
|
Undecided
|
Adam Conrad | ||
Raring |
Fix Released
|
Undecided
|
Adam Conrad | ||
shim-signed (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned | ||
Quantal |
Won't Fix
|
Undecided
|
Unassigned | ||
Raring |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Availability: The package is in universe in 13.04 (pending bug #1081700)
Rationale: This package is provided as part of Ubuntu's secure boot strategy and will also be backported to 12.04 LTS and 12.10 as part of https:/
Security: The package is new and has no security history. It is also simple and only ships data and runs sbkeysync in postinstall.
Quality assurance: there is no special configuration. Install the package and updates to DB and DBX are automatically performed in postinst via sbkeysync. There are no debconf questions or outstanding bugs. The package is for Ubuntu only, which is why it uses native packaging. There is no testsuite as there is no code to test. The package is lintian clean. The package ships a README.source which details how to add new signed updates to the package and testing procedures are documented and given to Foundations, QA, Security and PES.
UI standards: N/A
Dependencies: the package has a binary dependency on sbsigntool, which is already in main.
Standards compliance: The package meets FHS and Debian Policy standards.
Maintenance: The package will be maintained by Ubuntu Foundations and Ubuntu Security.
Background information: In order to properly support secure boot, we need a method to update the DB and DBX key databases to support key rotation and blacklisting.
affects: | Ubuntu Precise → secureboot-db (Ubuntu Precise) |
Changed in secureboot-db (Ubuntu Precise): | |
assignee: | nobody → Adam Conrad (adconrad) |
status: | New → Fix Released |
Changed in secureboot-db (Ubuntu Quantal): | |
assignee: | nobody → Adam Conrad (adconrad) |
status: | New → Fix Released |
Changed in secureboot-db (Ubuntu Raring): | |
assignee: | nobody → Adam Conrad (adconrad) |
status: | New → Fix Released |
tags: |
added: verification-done removed: verification-needed |
I accepted these for all releases today in an effort to push this along (they are essentially empty packages at this point) and knowing they were going to get an MIR review.