groovy / focal fwupd sbat support
Bug #1926011 reported by
Yuan-Chen Cheng
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OEM Priority Project |
Fix Released
|
High
|
Yuan-Chen Cheng | ||
fwupd (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Focal |
Won't Fix
|
High
|
Unassigned | ||
Groovy |
Fix Released
|
High
|
Unassigned | ||
fwupd-signed (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Focal |
Won't Fix
|
High
|
Unassigned | ||
Groovy |
Fix Released
|
High
|
Unassigned |
Bug Description
this is a follow-up bug for
https:/
[Impact]
Future releases of shim will require that EFI binaries that are chainloaded include an SBAT region. fwupd in bionic does not currently contain this region.
[Test Case]
Verify that a shim that checks for sbat region can boot the fwupd with sbat region.
[Regression Potential]
This is moving to a new stable release in each of the series which is in bug fix only mode. The sbat region is the only "feature" that has been backported to this series in over a year.
information type: | Proprietary → Public |
Changed in fwupd (Ubuntu): | |
status: | New → Confirmed |
tags: | added: oem-priority |
Changed in fwupd (Ubuntu): | |
importance: | Undecided → High |
Changed in fwupd (Ubuntu Groovy): | |
importance: | Undecided → High |
summary: |
- groovy fwupd sbat support + groovy / focal fwupd sbat support |
Changed in fwupd-signed (Ubuntu): | |
importance: | Undecided → High |
Changed in fwupd-signed (Ubuntu Groovy): | |
importance: | Undecided → High |
no longer affects: | oem-priority/focal |
Changed in fwupd (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in fwupd-signed (Ubuntu): | |
status: | New → Fix Released |
Changed in oem-priority: | |
status: | Confirmed → In Progress |
tags: |
added: verification-done-groovy removed: verification-needed-groovy |
Changed in fwupd (Ubuntu Focal): | |
importance: | Undecided → High |
Changed in fwupd-signed (Ubuntu Focal): | |
importance: | Undecided → High |
tags: | removed: verification-needed |
tags: | added: fwupd |
Changed in oem-priority: | |
status: | In Progress → Fix Released |
To post a comment you must log in.
xnox had a suggestion in previous issue that we should split the UEFI package from userland package and then only build and sign UEFI package one time.
This change has happened upstream, and now there is a separate fwupd-efi repository with it's own release. /github. com/fwupd/ fwupd-efi with release 1.0 here: https:/ /github. com/fwupd/ fwupd-efi/ releases/ tag/1.0
https:/
The userland packages all picked up a patch that allows skipping the build of the UEFI binary as well.
So my suggestion is that when impish opens we get the split package uploaded and working there, and then we do binary pocket copies to bring fwupd-efi and fwupd-efi-signed back to older releases.