Add support for SBAT
Bug #1921539 reported by Mario Limonciello
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OEM Priority Project | Fix Released | High | Yuan-Chen Cheng |
fwupd (Ubuntu) | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Mario Limonciello |
Focal | Fix Released | Undecided | Unassigned |
Groovy | Fix Released | Undecided | Unassigned |
Hirsute | Fix Released | Undecided | Unassigned |
fwupd-signed (Ubuntu) | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Mario Limonciello |
Focal | Fix Released | Undecided | Unassigned |
Groovy | Fix Released | Undecided | Unassigned |
Hirsute | Fix Released | Undecided | Unassigned |
Bug Description
[Impact]
Future releases of shim will require that EFI binaries that are chainloaded include an SBAT region. fwupd in bionic does not currently contain this region.
[Test Case]
Verify that a shim that checks for the sbat region can boot fwupd with the sbat region.
[Regression Potential]
This is moving to a new stable release in each of the series which is in bug fix only mode. The sbat region is the only "feature" that has been backported to this series in over a year.
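A minimal pre-boot check for the test case above, added here as an example and not code from fwupd, shim or this bug report: it looks for a `.sbat` section in a PE/COFF image and parses its CSV rows into component/generation pairs. The sample image, the `example` component and all function names are constructed for illustration; the `.sbat` section name and CSV layout follow shim's SBAT.md.

```python
import csv
import struct

def find_section(pe: bytes, wanted: bytes):
    """Return the raw bytes of the named PE/COFF section, or None if absent."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image (no MZ header)")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)          # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _m, nsect, _t, _p, _n, opt_size, _c = struct.unpack_from("<HHIIIHH", pe, pe_off + 4)
    table = pe_off + 24 + opt_size                          # section table start
    for i in range(nsect):
        off = table + 40 * i                                # 40-byte section headers
        vsize, _va, rawsize, rawptr = struct.unpack_from("<4I", pe, off + 8)
        if pe[off:off + 8].rstrip(b"\0") == wanted:
            return pe[rawptr:rawptr + (min(vsize, rawsize) if vsize else rawsize)]
    return None

def parse_sbat(data: bytes):
    """Parse .sbat CSV rows into (component_name, generation) tuples."""
    rows = csv.reader(data.rstrip(b"\0").decode("utf-8").splitlines())
    entries = []
    for row in filter(None, rows):                          # skip blank lines
        if len(row) < 2 or not row[1].isdigit():
            raise ValueError(f"malformed SBAT row: {row!r}")
        entries.append((row[0], int(row[1])))
    return entries

def sbat_components(pe: bytes):
    """None when the image has no .sbat section, else its parsed entries."""
    raw = find_section(pe, b".sbat")
    return None if raw is None else parse_sbat(raw)

def build_sample_pe(sections):
    """Constructed minimal PE image (headers + raw sections) for the demo."""
    hdr = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40))
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0)
    data_start, body = len(hdr) + 40 * len(sections), b""
    for name, raw in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name, len(raw), 0, len(raw), data_start + len(body), 0, 0, 0, 0, 0)
        body += raw
    return bytes(hdr + body)

# Constructed sample metadata; "example" is a placeholder component, not fwupd's entry.
SAMPLE_SBAT = (b"sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
               b"example,1,Example Vendor,example-efi,0.0,https://example.invalid/\n")
if __name__ == "__main__":
    print(sbat_components(build_sample_pe([(b".sbat", SAMPLE_SBAT)])))
```

A result of `None` means the binary carries no SBAT metadata at all, which is the condition the bug says future shim releases will refuse to chainload.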
Changed in fwupd (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Mario Limonciello (superm1)
Changed in fwupd-signed (Ubuntu Bionic):
assignee: nobody → Mario Limonciello (superm1)
Changed in fwupd (Ubuntu Focal):
status: New → In Progress
Changed in fwupd (Ubuntu Groovy):
status: New → In Progress
Changed in fwupd (Ubuntu Hirsute):
status: New → In Progress
Changed in fwupd-signed (Ubuntu Bionic):
status: New → In Progress
Changed in fwupd-signed (Ubuntu Focal):
status: New → In Progress
Changed in fwupd-signed (Ubuntu Groovy):
status: New → In Progress
Changed in fwupd-signed (Ubuntu Hirsute):
status: New → In Progress
Changed in oem-priority:
assignee: nobody → Yuan-Chen Cheng (ycheng-twn)
tags: added: oem-priority
Changed in oem-priority:
importance: Undecided → High
status: New → Confirmed
tags: added: fwupd
tags: added: sbat
tags: removed: verification-needed
Changed in oem-priority:
status: Confirmed → In Progress
Changed in fwupd-signed (Ubuntu Focal):
status: In Progress → Fix Committed
Changed in oem-priority:
status: In Progress → Fix Released
All releases need to be updated including Hirsute.
Hirsute has fwupd 1.5.7 which contains sbat support, but had a mistake with the wrong character ('.' vs '-'). See https://github.com/fwupd/fwupd/pull/3070 for more context.