shim(-signed) NX support feature freeze exception request
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cd-boot-images-amd64 (Ubuntu) | Status tracked in Oracular | | |
Oracular | Fix Released | Undecided | Unassigned |
cd-boot-images-arm64 (Ubuntu) | Status tracked in Oracular | | |
Oracular | Fix Released | Undecided | Unassigned |
shim (Ubuntu) | Status tracked in Oracular | | |
Oracular | Fix Released | Undecided | Unassigned |
shim-signed (Ubuntu) | Status tracked in Oracular | | |
Oracular | Fix Released | Undecided | Unassigned |

Bug Description
This is a high priority feature Canonical was developing during the Oracular Oriole cycle.
The GRUB piece has already hit the archive before FF as 2.12-1ubuntu9 (with 2.12-5ubuntu1 under review), but asking for an exception on the shim pieces due to Microsoft signing being required.
The following changes are being made:
- shim package: effectively identical upstream source, with minor changes to produce two executables, one with the NX_COMPAT set and another without
- shim-signed package: changes to choose which shim to install:
  + existing installations will get the non-NX shim on package upgrades
  + new installations will get the NX shim
Code has already been tested and is available in the following repositories:
- https:/
- https:/
Testing in the above context means that both shims have been verified to boot correctly, with additional testing for the shim installation mechanism, and additional testing for the NX shim under the Microsoft Mu firmware that has an NX enforcing mode.
Usable self-signed test builds of the new shims can be found in my nx-testing PPA https:/
The shim-review required for MS submission is under internal review, then we will submit the shim-review to the community, and the shim afterwards for MS signing.
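
For readers who want to tell the two shim builds described above apart, the following is an added example, not part of the bug report and not Ubuntu's or shim's own code. It reads the PE/COFF headers of an EFI binary and reports whether the NX_COMPAT bit is set in `DllCharacteristics`; it also lists sections mapped both writable and executable, which goes beyond what the report mentions. The names `inspect_pe` and `build_sample` are hypothetical, and the sample headers are constructed for the demonstration.

```python
import struct
import sys

NX_COMPAT = 0x0100            # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SCN_MEM_EXECUTE = 0x20000000  # IMAGE_SCN_MEM_EXECUTE
SCN_MEM_WRITE = 0x80000000    # IMAGE_SCN_MEM_WRITE

def inspect_pe(data: bytes) -> dict:
    """Report the NX_COMPAT flag and any W+X sections of a PE/COFF image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    wx = []
    for i in range(n_sections):
        hdr = opt + opt_size + 40 * i                     # 40-byte section header
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", data, hdr + 36)
        if flags & SCN_MEM_EXECUTE and flags & SCN_MEM_WRITE:
            wx.append(name)
    return {"nx_compat": bool(dll_chars & NX_COMPAT), "wx_sections": wx}

def build_sample(dll_chars: int, sections: list) -> bytes:
    """Constructed PE32+ headers only (not a bootable image), for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 112, 0x22)
    opt = bytearray(112)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", f)
                    for n, f in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs

if __name__ == "__main__":
    if len(sys.argv) > 1:                                 # path to an .efi file
        with open(sys.argv[1], "rb") as fh:
            print(inspect_pe(fh.read()))
    else:
        print(inspect_pe(build_sample(NX_COMPAT, [(b".text", 0x60000020)])))
        print(inspect_pe(build_sample(0, [(b".text", 0xE0000020)])))
```

Run with a path to an installed shim binary as the only argument, or with no arguments to see the two constructed samples.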
summary:
- shim(-signed) NX support feature freeze exception
+ shim(-signed) NX support feature freeze exception request
Changed in cd-boot-images-amd64 (Ubuntu Oracular):
milestone: none → ubuntu-24.10
Changed in cd-boot-images-arm64 (Ubuntu Oracular):
milestone: none → ubuntu-24.10
Changed in shim (Ubuntu Oracular):
milestone: none → ubuntu-24.10
Changed in shim-signed (Ubuntu Oracular):
milestone: none → ubuntu-24.10
Changed in shim (Ubuntu Oracular):
status: Triaged → Fix Released
Signed shims were received from MS a while ago; this could still potentially make Oracular if desired.