Comment 49 for bug 2040137

Mate Kukri (mkukri) wrote :

Aleksandr,

Thank you very much for the testing, I appreciate it.

As far as upstream goes, they would like to go with the approach of compiling out the Shell fully from images that support Secure Boot. I ultimately think that is the best approach, and we should eventually do that too and use python-uefivars for key enrollment, but that is likely too big of a change for backporting to stable releases.

So unless there are objections, my current proposal is as follows:
1. Set the CRD for the CVE in Debian/Ubuntu, then after CRD release my patch as the security update on supported releases (applies to both edk2 package and LXD snap).
2. At some (currently unspecified) point in time, I'll develop a new key enrollment strategy for the edk2 package (that LXD can also choose to adopt), and then we can drop the patch from devel and compile out the Shell without having to do big changes to stable.

Mate