Comment 1 for bug 2029518

Mark Esler (eslerm) wrote:

Copying these specific binaries from -updates to -security should be safe.

To verify this I have installed Focal and Jammy using the original install media to a laptop and VMs running secure boot. Software updates are disabled during OS install. After install, I configured apt to only use the -release and -security pocket and disabled APT recommends and suggestions. Using this APT configuration I ran apt update and upgrade to install the latest -security updates and rebooted. On these -security updated systems, I then enabled the -updates pocket and apt installed the binaries of the packages listed in this bug and rebooted, successfully. This testing was attempted many times and I believe this binary copy is safe.

The new grub may use features in a recent version of mokutil. A no-change rebuild of mokutil was added to security proposed. The above test passes without mokutil on both releases. Regardless, mokutil will be staged to publish in -security before the -updates binaries are copied.

The following is the output from a jammy system in the environment described above installing the -updates packages:

```
ubuntu@sb-jammy-original-sansmokutil-amd64:~$ sudo apt install grub-efi-amd64 grub-efi-amd64-signed grub-efi-amd64-bin grub-efi-amd64-dbg shim shim-signed
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
grub-efi-amd64-bin is already the newest version (2.06-2ubuntu14.1).
grub-efi-amd64-signed is already the newest version (1.187.3~22.04.1+2.06-2ubuntu14.1).
shim-signed is already the newest version (1.51.3+15.7-0ubuntu1).
The following packages will be REMOVED:
  grub-gfxpayload-lists grub-pc
The following NEW packages will be installed:
  grub-efi-amd64 grub-efi-amd64-dbg shim
0 upgraded, 3 newly installed, 2 to remove and 251 not upgraded.
Need to get 3,562 kB of archives.
After this operation, 19.1 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 grub-efi-amd64 amd64 2.06-2ubuntu14.1 [47.1 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 shim amd64 15.7-0ubuntu1 [7,152 B]
Get:3 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 grub-efi-amd64-dbg amd64 2.06-2ubuntu14.1 [3,508 kB]
Fetched 3,562 kB in 0s (140 MB/s)
Preconfiguring packages ...
(Reading database ... 196968 files and directories currently installed.)
Removing grub-gfxpayload-lists (0.7) ...
dpkg: grub-pc: dependency problems, but removing anyway as you requested:
 grub-efi-amd64-signed depends on grub-efi-amd64 | grub-pc; however:
  Package grub-efi-amd64 is not installed.
  Package grub-pc is to be removed.

Removing grub-pc (2.06-2ubuntu7.2) ...
Selecting previously unselected package grub-efi-amd64.
(Reading database ... 196946 files and directories currently installed.)
Preparing to unpack .../grub-efi-amd64_2.06-2ubuntu14.1_amd64.deb ...
Unpacking grub-efi-amd64 (2.06-2ubuntu14.1) ...
Selecting previously unselected package shim.
Preparing to unpack .../shim_15.7-0ubuntu1_amd64.deb ...
Unpacking shim (15.7-0ubuntu1) ...
Selecting previously unselected package grub-efi-amd64-dbg.
Preparing to unpack .../grub-efi-amd64-dbg_2.06-2ubuntu14.1_amd64.deb ...
Unpacking grub-efi-amd64-dbg (2.06-2ubuntu14.1) ...
Setting up shim (15.7-0ubuntu1) ...
Setting up grub-efi-amd64-dbg (2.06-2ubuntu14.1) ...
Setting up grub-efi-amd64 (2.06-2ubuntu14.1) ...
Installing grub to /boot/efi.
Installing for x86_64-efi platform.
Installation finished. No error reported.
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.2.0-32-generic
Found initrd image: /boot/initrd.img-6.2.0-32-generic
Found linux image: /boot/vmlinuz-5.15.0-25-generic
Found initrd image: /boot/initrd.img-5.15.0-25-generic
Memtest86+ needs a 16-bit boot, that is not available on EFI, exiting
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for shim-signed (1.51.3+15.7-0ubuntu1) ...
```
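A transcript like the one above can also be checked mechanically. The script below is an added example, not part of the bug comment: it parses the `Get:`, `Setting up` and `is already the newest version` lines to confirm that every fetched binary came from an allowed pocket and that the version set up matches the version fetched. The sample transcript lines are constructed in the shape of the output above, and the function names are my own.

```python
import re

# Constructed sample in the shape of the apt transcript above (not the full output).
SAMPLE_TRANSCRIPT = """\
grub-efi-amd64-bin is already the newest version (2.06-2ubuntu14.1).
Get:1 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 grub-efi-amd64 amd64 2.06-2ubuntu14.1 [47.1 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 shim amd64 15.7-0ubuntu1 [7,152 B]
Setting up shim (15.7-0ubuntu1) ...
Setting up grub-efi-amd64 (2.06-2ubuntu14.1) ...
"""

# "Get:N <mirror> <suite>/<component> <arch> <pkg> <arch> <version> [<size>]"
GET_RE = re.compile(r"^Get:\d+ \S+ (?P<suite>[^/\s]+)/\S+ \S+ (?P<pkg>\S+) \S+ (?P<ver>\S+) \[")
SETUP_RE = re.compile(r"^Setting up (?P<pkg>\S+) \((?P<ver>[^)]+)\) \.\.\.")
NEWEST_RE = re.compile(r"^(?P<pkg>\S+) is already the newest version \((?P<ver>[^)]+)\)\.")


def parse_transcript(text):
    """Return (fetched, installed): fetched maps pkg -> (suite, version),
    installed maps pkg -> version that ended up on the system."""
    fetched, installed = {}, {}
    for line in text.splitlines():
        m = GET_RE.match(line)
        if m:
            fetched[m["pkg"]] = (m["suite"], m["ver"])
            continue
        m = SETUP_RE.match(line) or NEWEST_RE.match(line)
        if m:
            installed[m["pkg"]] = m["ver"]
    return fetched, installed


def check_pockets(text, allowed_suites, expected):
    """Return a list of findings; an empty list means the transcript is consistent.
    allowed_suites: suites a fetch may come from, e.g. {"jammy-updates"}.
    expected: mapping pkg -> version that must be installed at the end."""
    fetched, installed = parse_transcript(text)
    findings = []
    for pkg, (suite, ver) in fetched.items():
        if suite not in allowed_suites:
            findings.append(f"{pkg} fetched from unexpected suite {suite}")
        # A package fetched but never set up is reported by the expected check, not here.
        if installed.get(pkg) not in (None, ver):
            findings.append(f"{pkg}: fetched {ver} but set up {installed[pkg]}")
    for pkg, ver in expected.items():
        if installed.get(pkg) != ver:
            findings.append(f"{pkg}: expected {ver}, got {installed.get(pkg)}")
    return findings
```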