nullboot 0.5.1

Bug #2061754 reported by Julian Andres Klode
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nullboot (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
New
Undecided
Unassigned
Jammy
New
Undecided
Unassigned
Noble
In Progress
Undecided
Unassigned

Bug Description

[Impact]
new upstream release; usual vendored dependency updates per Go MIR policy (vendor/ directory is automatically generated by go mod vendor based on go.mod); aligning with snapd 2.62; and support for shim 15.8 per the secboot dependency update.

Targeted releases:

1. noble
2. jammy; after/when shim 15.8 lands there
3. focal; after/when shim 15.8 lands there

[Test plan]
* Test suite passes

* Deploy Azure CVM and TPM FDE
* Upgrade to this new package and reboot
* Boot should be successful
* Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)

* CPC - build new image with nullboot preinstalled, and attempt to register and boot such an images as first time.

We have set block-proposed to allow testing in noble-proposed to be carried out before migration to noble release pocket.

[Where problems could occur]
Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key.

description: updated
Changed in nullboot (Ubuntu Noble):
status: New → Fix Committed
description: updated
Revision history for this message
Julian Andres Klode (juliank) wrote :

Gauthier verified it still boots fine on CVM, hooray

tags: removed: block-proposed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nullboot - 0.5.1-0ubuntu1

---------------
nullboot (0.5.1-0ubuntu1) noble; urgency=medium

  [ Julian Andres Klode ]
  * New release adding support for shim 15.8-0ubuntu1 (LP: #2061754)
  * ci: Test against go 1.22
  * Update secboot for shim 15.8-1
  * Update snapd to 2.62
  * Build against shim 15.8-0ubuntu1

  [ dependabot[bot] ]
  * build(deps): bump github/codeql-action from 2 to 3
  * build(deps): bump actions/setup-go from 4 to 5
  * build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
  * build(deps): bump golang.org/x/sys from 0.15.0 to 0.19.0

 -- Julian Andres Klode <email address hidden> Tue, 16 Apr 2024 10:53:07 +0200

Changed in nullboot (Ubuntu Noble):
status: Fix Committed → Fix Released
tags: added: block-proposed
Changed in nullboot (Ubuntu Noble):
status: Fix Released → In Progress
Jeremy Bícha (jbicha)
tags: added: jammy noble upgrade-software-version
removed: block-proposed
tags: added: focal
Changed in nullboot (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Julian Andres Klode (juliank) wrote :

@jbicha can you provide input into why you removed the block-proposed tag? This was breaking provisioning new CVM instances and it's not clear to me that Azure has a new matching encrypt-cloud-image deployed that would fix that issue.

Revision history for this message
Jeremy Bícha (jbicha) wrote :

There was no comment on why the block-proposed tag was added. It looked like it was added only to keep the package from reaching Noble. It is also early in the Oracular cycle. Sorry if this caused extra work and headache.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.