* debian/patches: Rework linuxefi/SecureBoot support and sync with upstream
SB patch set: (LP: #1696599)
- linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its
chainloader.
- linuxefi_fix_validation_race.patch: Fix a race in validating images.
- linuxefi_chainloader_path.patch: honor the starting path for grub, so
images do not need to be started from $root.
- linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use
when Secure Boot is enabled.
- linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all
loaders: don't load the commands when Secure Boot is enabled.
- linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and
initrd commands to automatically hand-off to linuxefi/initrdefi; re-
enable the linux loader.
- linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading
"special" PE images, such as Windows'.
- linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is
disabled or shim validation is disabled so loading works as EFI binaries
when it is supposed to.
- Removed linuxefi_require_shim.patch; superseded by the above.
(LP: #1689687)
This bug was fixed in the package grub2 - 2.02~beta3- 4ubuntu2. 2
--------------- 4ubuntu2. 2) zesty; urgency=medium
grub2 (2.02~beta3-
* debian/patches: Rework linuxefi/SecureBoot support and sync with upstream arm_sb_ support. patch: add Secure Boot support for arm for its fix_validation_ race.patch: Fix a race in validating images. chainloader_ path.patch: honor the starting path for grub, so chainloader_ sb.patch: Fix some more issues in chainloader use loaders_ enforce_ sb.patch: Enforce Secure Boot policy for all re-enable_ linux_cmd. patch: Since we rely on the linux and chainloader_ pe_fixes. patch: PE parsing fixes for chainloading rework_ non-sb_ cases.patch: rework cases where Secure Boot is require_ shim.patch; superseded by the above.
SB patch set: (LP: #1696599)
- linuxefi_
chainloader.
- linuxefi_
- linuxefi_
images do not need to be started from $root.
- linuxefi_
when Secure Boot is enabled.
- linuxefi_
loaders: don't load the commands when Secure Boot is enabled.
- linuxefi_
initrd commands to automatically hand-off to linuxefi/initrdefi; re-
enable the linux loader.
- linuxefi_
"special" PE images, such as Windows'.
- linuxefi_
disabled or shim validation is disabled so loading works as EFI binaries
when it is supposed to.
- Removed linuxefi_
(LP: #1689687)
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 14 Jun 2017 14:44:48 -0400