2023-12-04 11:33:46 |
Julian Andres Klode |
bug |
|
|
added bug |
2023-12-04 13:48:15 |
Launchpad Janitor |
nullboot (Ubuntu): status |
New |
Fix Released |
|
2023-12-04 13:48:15 |
Launchpad Janitor |
cve linked |
|
2022-28737 |
|
2024-01-25 14:23:26 |
Dimitri John Ledkov |
description |
[Impact]
Security update for shim
[Test plan]
Something with resealing
[Where problems could occur]
Resealing could fail
Shim could fail to boot
Limited to Azure confidential VMs in scope |
[Impact]
Security update for shim
[Test plan]
* Deploy Azure CVM and TPM FDE
* Upgrade to this new package and reboot
* Boot should be successful
* Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)
* CPC - build new image with nullboot preinstalled, and attempt to register and boot such an images as first time.
[Where problems could occur]
Resealing could fail
Shim could fail to boot
Limited to Azure confidential VMs in scope |
|
2024-01-25 14:23:34 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Jammy |
|
2024-01-25 14:23:34 |
Dimitri John Ledkov |
bug task added |
|
nullboot (Ubuntu Jammy) |
|
2024-01-25 14:23:34 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Focal |
|
2024-01-25 14:23:34 |
Dimitri John Ledkov |
bug task added |
|
nullboot (Ubuntu Focal) |
|
2024-01-25 14:24:36 |
Dimitri John Ledkov |
description |
[Impact]
Security update for shim
[Test plan]
* Deploy Azure CVM and TPM FDE
* Upgrade to this new package and reboot
* Boot should be successful
* Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)
* CPC - build new image with nullboot preinstalled, and attempt to register and boot such an images as first time.
[Where problems could occur]
Resealing could fail
Shim could fail to boot
Limited to Azure confidential VMs in scope |
[Impact]
Security update for shim
[Test plan]
* Deploy Azure CVM and TPM FDE
* Upgrade to this new package and reboot
* Boot should be successful
* Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)
* CPC - build new image with nullboot preinstalled, and attempt to register and boot such an images as first time.
[Where problems could occur]
Resealing could fail
Shim could fail to boot
Limited to Azure confidential VMs in scope
Upgrade to and usage of interim lunar & mantic ubuntu releases is not supported on the Azure CVMs and does not work, hence this bug targets SRUs for LTS releases only. |
|
2024-01-25 15:43:29 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Dimitri John Ledkov |
2024-02-06 16:39:44 |
Dimitri John Ledkov |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2024-02-08 19:36:30 |
Andreas Hasenack |
nullboot (Ubuntu Jammy): status |
New |
Incomplete |
|
2024-02-08 19:36:32 |
Andreas Hasenack |
nullboot (Ubuntu Focal): status |
New |
Incomplete |
|
2024-02-08 23:26:43 |
Dimitri John Ledkov |
nullboot (Ubuntu Focal): status |
Incomplete |
New |
|
2024-02-08 23:31:32 |
Dimitri John Ledkov |
nullboot (Ubuntu Jammy): status |
Incomplete |
Triaged |
|
2024-02-14 05:32:39 |
Chris Halse Rogers |
nullboot (Ubuntu Jammy): status |
Triaged |
Incomplete |
|
2024-02-14 12:50:13 |
Julian Andres Klode |
nullboot (Ubuntu Jammy): status |
Incomplete |
New |
|
2024-02-15 15:39:09 |
Mark Esler |
bug |
|
|
added subscriber Mark Esler |
2024-04-03 05:04:25 |
Chris Halse Rogers |
nullboot (Ubuntu Jammy): status |
New |
Fix Committed |
|
2024-04-03 05:04:27 |
Chris Halse Rogers |
bug |
|
|
added subscriber SRU Verification |
2024-04-03 05:04:32 |
Chris Halse Rogers |
tags |
|
verification-needed verification-needed-jammy |
|