Backport UEFI Secure Boot support for Ubuntu 12.04.2
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu CD Images |
Fix Released
|
High
|
Colin Watson | ||
base-installer (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Colin Watson | ||
debian-installer (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Colin Watson | ||
grub-installer (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Colin Watson | ||
grub2 (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Colin Watson | ||
grub2-signed (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Colin Watson | ||
linux-lts-quantal (Ubuntu) |
Invalid
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Andy Whitcroft | ||
linux-meta-lts-quantal (Ubuntu) |
Fix Released
|
High
|
Andy Whitcroft | ||
linux-signed-lts-quantal (Ubuntu) |
Invalid
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Andy Whitcroft | ||
livecd-rootfs (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Colin Watson | ||
sbsigntool (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Andy Whitcroft | ||
shim (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Colin Watson | ||
shim-signed (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Colin Watson | ||
ubiquity (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Colin Watson | ||
ubuntu-defaults-builder (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Colin Watson |
Bug Description
[Impact]
Since systems are beginning to come out with UEFI Secure Boot enabled by default if they haven't already, we need to backport this support from 12.10 to 12.04.2. This is a complex set of enablement patches across a number of packages. Most of them will be fairly straightforward backports, but there are a few known warts:
* The grub2 support was built on 2.00, and depends on first backporting a number of other patches (mostly Unicode handling changes and UEFI variable support) to 1.99.
* 12.04.2 will have an alternate install image, which was removed from 12.10. Installer support here should be mostly the same as for the server image, but we have stricter space constraints and may need to adjust the way the signed kernel is delivered to deal with this. Andy Whitcroft and I have a plan for this which we'll implement between us in raring.
[Test Case]
The desktop, server, and alternate install images should all boot and install on an SB-enabled system. I would recommend testing installations from both a CD and a USB stick. After each installation, use debsums to check that kernel checksums are correct.
[Regression Potential]
Check that non-SB installations of all these images still work. For this, it is sufficient to test with either a CD or a USB stick, but not necessarily both.
Related branches
Changed in grub2 (Ubuntu): | |
status: | New → Fix Released |
importance: | Undecided → High |
Changed in grub2 (Ubuntu Precise): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Colin Watson (cjwatson) |
milestone: | none → ubuntu-12.04.2 |
Changed in grub2-signed (Ubuntu): | |
status: | New → Fix Released |
importance: | Undecided → High |
Changed in grub2-signed (Ubuntu Precise): | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
Changed in linux (Ubuntu): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Precise): | |
status: | New → Triaged |
tags: | added: bot-stop-nagging |
Changed in linux (Ubuntu): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Precise): | |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
assignee: | nobody → Andy Whitcroft (apw) |
Changed in grub2-signed (Ubuntu Precise): | |
assignee: | nobody → Colin Watson (cjwatson) |
Changed in linux-signed (Ubuntu): | |
status: | New → Fix Released |
importance: | Undecided → High |
Changed in linux-signed (Ubuntu Precise): | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Andy Whitcroft (apw) |
milestone: | none → ubuntu-12.04.2 |
Changed in grub-installer (Ubuntu): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in grub-installer (Ubuntu Precise): | |
assignee: | nobody → Colin Watson (cjwatson) |
importance: | Undecided → High |
status: | New → Triaged |
Changed in sbsigntool (Ubuntu): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in grub-installer (Ubuntu Precise): | |
milestone: | none → ubuntu-12.04.2 |
Changed in sbsigntool (Ubuntu Precise): | |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
status: | New → Triaged |
Changed in ubuntu-cdimage: | |
assignee: | nobody → Colin Watson (cjwatson) |
importance: | Undecided → High |
status: | New → Triaged |
Changed in base-installer (Ubuntu): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in base-installer (Ubuntu Precise): | |
assignee: | nobody → Colin Watson (cjwatson) |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
status: | New → Triaged |
Changed in ubiquity (Ubuntu): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in ubiquity (Ubuntu Precise): | |
assignee: | nobody → Colin Watson (cjwatson) |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
status: | New → Triaged |
Changed in debian-installer (Ubuntu): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in debian-installer (Ubuntu Precise): | |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
status: | New → Triaged |
assignee: | nobody → Colin Watson (cjwatson) |
tags: | added: kernel-da-key |
Changed in linux-signed (Ubuntu Precise): | |
status: | Triaged → In Progress |
Changed in shim (Ubuntu): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in shim (Ubuntu Precise): | |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
status: | New → Triaged |
Changed in shim-signed (Ubuntu): | |
status: | New → Fix Released |
Changed in shim-signed (Ubuntu Precise): | |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
status: | New → Triaged |
Changed in shim-signed (Ubuntu): | |
importance: | Undecided → High |
affects: | linux (Ubuntu) → linux-lts-quantal (Ubuntu) |
Changed in linux-lts-quantal (Ubuntu): | |
status: | Fix Released → Invalid |
Changed in base-installer (Ubuntu Precise): | |
status: | Triaged → In Progress |
Changed in linux-signed (Ubuntu): | |
assignee: | nobody → Andy Whitcroft (apw) |
status: | Fix Released → In Progress |
Changed in livecd-rootfs (Ubuntu): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in livecd-rootfs (Ubuntu Precise): | |
assignee: | nobody → Colin Watson (cjwatson) |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
status: | New → Triaged |
Changed in ubuntu-defaults-builder (Ubuntu): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in ubuntu-defaults-builder (Ubuntu Precise): | |
assignee: | nobody → Colin Watson (cjwatson) |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
status: | New → Triaged |
no longer affects: | linux-signed (Ubuntu) |
no longer affects: | linux-signed (Ubuntu Precise) |
Changed in linux-lts-quantal-signed (Ubuntu Precise): | |
status: | New → In Progress |
Changed in grub2-signed (Ubuntu Precise): | |
status: | Triaged → In Progress |
Changed in shim-signed (Ubuntu Precise): | |
status: | Triaged → In Progress |
assignee: | nobody → Colin Watson (cjwatson) |
Changed in grub-installer (Ubuntu Precise): | |
status: | Triaged → In Progress |
Changed in ubuntu-defaults-builder (Ubuntu Precise): | |
status: | Triaged → In Progress |
Changed in sbsigntool (Ubuntu Precise): | |
assignee: | nobody → Andy Whitcroft (apw) |
status: | Triaged → In Progress |
Changed in sbsigntool (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Changed in shim (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Changed in shim-signed (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
affects: | linux-lts-quantal-signed (Ubuntu) → linux-signed-lts-quantal (Ubuntu) |
Changed in linux-signed-lts-quantal (Ubuntu): | |
importance: | Undecided → High |
status: | Confirmed → Invalid |
Changed in linux-signed-lts-quantal (Ubuntu Precise): | |
importance: | Undecided → High |
status: | In Progress → Fix Committed |
Changed in debian-installer (Ubuntu Precise): | |
status: | Triaged → In Progress |
Changed in livecd-rootfs (Ubuntu Precise): | |
status: | Triaged → In Progress |
Changed in ubiquity (Ubuntu Precise): | |
status: | Triaged → In Progress |
Changed in linux-meta-lts-quantal (Ubuntu): | |
importance: | Undecided → High |
no longer affects: | linux-meta-lts-quantal (Ubuntu) |
no longer affects: | linux-meta-lts-quantal (Ubuntu) |
no longer affects: | linux (Ubuntu) |
no longer affects: | hello (Ubuntu) |
Changed in linux-meta-lts-quantal (Ubuntu): | |
importance: | Undecided → High |
milestone: | none → ubuntu-12.04.2 |
status: | New → Fix Committed |
assignee: | nobody → Andy Whitcroft (apw) |
Changed in linux-signed-lts-quantal (Ubuntu Precise): | |
status: | Fix Committed → Fix Released |
Enabled generation of signable images linux-lts-quantal.