| 2023-03-16 09:33:49 |
Julian Andres Klode |
bug |
|
|
added bug |
| 2023-03-16 09:45:47 |
Julian Andres Klode |
summary |
[SRU] gnu-efi 3.0.15 |
[SRU] [HWE] gnu-efi 3.0.15 |
|
| 2023-03-16 09:46:18 |
Julian Andres Klode |
description |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS. |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim. |
|
| 2023-03-16 09:49:51 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Kinetic |
|
| 2023-03-16 09:49:51 |
Julian Andres Klode |
bug task added |
|
gnu-efi (Ubuntu Kinetic) |
|
| 2023-03-16 09:49:56 |
Julian Andres Klode |
gnu-efi (Ubuntu): status |
New |
Fix Released |
|
| 2023-03-16 09:51:40 |
Julian Andres Klode |
description |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim. |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim. |
|
| 2023-03-16 09:52:33 |
Julian Andres Klode |
description |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim. |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim. |
|
| 2023-03-16 09:53:23 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Jammy |
|
| 2023-03-16 09:53:23 |
Julian Andres Klode |
bug task added |
|
gnu-efi (Ubuntu Jammy) |
|
| 2023-03-16 09:53:23 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Focal |
|
| 2023-03-16 09:53:23 |
Julian Andres Klode |
bug task added |
|
gnu-efi (Ubuntu Focal) |
|
| 2023-03-16 09:53:23 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Bionic |
|
| 2023-03-16 09:53:23 |
Julian Andres Klode |
bug task added |
|
gnu-efi (Ubuntu Bionic) |
|
| 2023-03-16 09:53:31 |
Julian Andres Klode |
gnu-efi (Ubuntu Focal): status |
New |
Won't Fix |
|
| 2023-03-16 09:53:33 |
Julian Andres Klode |
gnu-efi (Ubuntu Jammy): status |
New |
Won't Fix |
|
| 2023-03-16 09:53:37 |
Julian Andres Klode |
gnu-efi (Ubuntu Bionic): status |
New |
Won't Fix |
|
| 2023-03-16 09:55:25 |
Julian Andres Klode |
description |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim. |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim. |
|
| 2023-03-16 09:56:57 |
Julian Andres Klode |
description |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim. |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Workflow]
gnu-efi is built in ppa:ubuntu-uefi-team/ubuntu/ppa against the security pocket only following the in-progress signed boot asset workflow.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim. |
|
| 2023-03-16 10:03:57 |
Julian Andres Klode |
gnu-efi (Ubuntu Kinetic): status |
New |
Triaged |
|
| 2023-03-16 10:13:15 |
Julian Andres Klode |
description |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Workflow]
gnu-efi is built in ppa:ubuntu-uefi-team/ubuntu/ppa against the security pocket only following the in-progress signed boot asset workflow.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Regression potential]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim. |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Workflow]
gnu-efi is built in ppa:ubuntu-uefi-team/ubuntu/ppa against the security pocket only following the in-progress signed boot asset workflow.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim.
[Where problems could occur]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd. |
|
| 2023-03-16 10:22:15 |
Julian Andres Klode |
description |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Workflow]
gnu-efi is built in ppa:ubuntu-uefi-team/ubuntu/ppa against the security pocket only following the in-progress signed boot asset workflow.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and systemd doesn't FTBFS.
We will test NX support when we work on the NX supported shim.
[Where problems could occur]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd. |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Workflow]
gnu-efi is built in ppa:ubuntu-uefi-team/ubuntu/ppa against the security pocket only following the in-progress signed boot asset workflow.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and reverse build depends don't FTBFS.
We will test NX support when we work on the NX supported shim.
[Where problems could occur]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd. |
|
| 2023-03-16 10:36:01 |
Julian Andres Klode |
description |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Workflow]
gnu-efi is built in ppa:ubuntu-uefi-team/ubuntu/ppa against the security pocket only following the in-progress signed boot asset workflow.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds and reverse build depends don't FTBFS.
We will test NX support when we work on the NX supported shim.
[Where problems could occur]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd. |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Workflow]
gnu-efi is built in ppa:ubuntu-uefi-team/ubuntu/ppa against the security pocket only following the in-progress signed boot asset workflow.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds. Also test and fix any reverse build depends regressions in main.
We will test NX support when we work on the NX supported shim.
[Where problems could occur]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd. |
|
| 2023-04-14 16:26:11 |
Steve Langasek |
gnu-efi (Ubuntu Kinetic): status |
Triaged |
Fix Committed |
|
| 2023-04-14 16:26:12 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2023-04-14 16:26:14 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
| 2023-04-14 16:26:18 |
Steve Langasek |
tags |
|
verification-needed verification-needed-kinetic |
|
| 2023-04-14 16:28:14 |
Steve Langasek |
description |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Workflow]
gnu-efi is built in ppa:ubuntu-uefi-team/ubuntu/ppa against the security pocket only following the in-progress signed boot asset workflow.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds. Also test and fix any reverse build depends regressions in main.
We will test NX support when we work on the NX supported shim.
[Where problems could occur]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd. |
[Impact]
gnu-efi 3.0.15 is required for fwupd-efi 1.4 to work correctly on firmware requiring NX memory in boot stack.
Updating gnu-efi also ensures that all our fwupd-efi 1.4 binaries ship the same code which makes it easier to reason about security vulnerabilities.
[Workflow]
gnu-efi is built in ppa:ubuntu-uefi-team/ubuntu/ppa against the security pocket only following the in-progress signed boot asset workflow.
[Target releases]
We are only building boot assets on the latest stable release, so will SRU that only to kinetic. Rebuilding the boot assets in older stable releases should still work though, they do not technically require gnu-efi 3.0.15 for building (fwupd-efi actually doesn't build due to debhelper 13 dependency).
The tasks have been set to Won't Fix on older releases to make this clear, but this is not a hard decision, if we fix fwupd-efi to build on those releases and it turns out we need gnu-efi 3.0.15 anyhow, we can still upload it, but of course this increases regression potential for those releases.
[Test plan]
We can't test the NX support yet as we do not have a shim with NX support. Test that fwupd-efi 1.4 builds. Also test and fix any reverse build depends regressions in the archive.
We will test NX support when we work on the NX supported shim.
[Where problems could occur]
To my knowledge, fwupd-efi is the only supported component in the archive that uses gnu-efi. Some more binaries are built with gnu-efi and might regress, e.g. systemd. |
|
| 2023-04-14 17:23:46 |
Julian Andres Klode |
tags |
verification-needed verification-needed-kinetic |
verification-done verification-done-kinetic |
|
| 2023-07-10 11:05:46 |
Ćukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2023-07-10 11:06:12 |
Launchpad Janitor |
gnu-efi (Ubuntu Kinetic): status |
Fix Committed |
Fix Released |
|
