[MIR] protection-domain-mapper & qrtr
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
protection-domain-mapper (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
qrtr (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Availability]
The package protection-
The package protection-
It currently builds and works for architectures: any, verified as working on arm64
Link to package https:/
[Rationale]
- The package protection-
ubuntu-desktop on ARM64, as it enables power-indicator (among other
things) on most Windows on Arm laptops (qcom based laptops ~7 SKUs
and more coming). There is no other way to implement this.
- protection-
service it provides.
- There is no other/better way to solve this that is already in main
or should go universe->main instead of this. As this is the only
implementation of talking to the qcom hardware.
- The package protection-
later than today due to Mantic release, if we want to have the best
impression of Ubuntu Desktop in the live session on x13s.
- If that fails, having it fixed as SRU is the next best option.
[Security]
- No CVEs/security issues in this software in the past. This is a
reference open source implementation of these tools, which otherwise
are used on qcom Android devices
- no `suid` or `sgid` binaries no executables in `/sbin` and
`/usr/sbin`
- Package does install services: pd-mapper.service & qrtr-ns.service
which allow runtime access to the qcom hardware which are run as
root
- Security has been kept in mind and common isolation/
patterns are in place utilizing the following features:
- Packages does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install, i.e. power indicator
straight away starts to show accurate battery information
[Quality assurance - maintenance]
- The package is maintained well in Debian/
not have too many, long-term & critical, open bugs
- Ubuntu https:/
https:/
- Debian https:/
- Upstream's bug tracker, e.g., GitHub Issues
- The package has important open bugs, listing them:
https:/
https:/
- The package does deal with exotic hardware, it is present at Lenovo
X13s to be able to test, fix and verify bugs as many users at
Canonical and Community have it. And it is available for purchase.
[Quality assurance - testing]
- The package does not run a test at build time because adequate
testing requires exotic hardware & specifically kernel driver loaded
- The package does not run an autopkgtest because testing requires
exotic hardware & specifically kernel driver loaded.
- The package does have not failing autopkgtests right now
- The package can not be well tested at build or autopkgtest time
because it requires exotic hardware to test. To make up for that:
- We have access to such hardware in the team (foundations & kernel)
- We will add a run-once manual test case to iso tracker to ensure
that "power indicator shows battery indicator %")
- We will execute this test case on every upload of
protection
as image milestone testing
- qrtr package is minimal and will be tested in a more wide
reaching solution context protection-
causing battery indicator to work.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
lack of manpages, lack of systemd hardening features in systemd unit
lack of manpage, lack of systemd hardening features in systemd unit
- Please link to a recent build log of the package
https:/
https:/
- This package does not rely on obsolete or about to be demoted packages.
- The package will be installed by default, but does not ask debconf
questions higher than medium
- Packaging and build is easy, link to debian/rules
https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be kernel-packages and I have their
acknowledgement for that commitment
- This does not use static builds
- This does not use vendored code
- This does not use vendored code
- This package is not rust based
- The package successfully built during the most recent test rebuild
[Background information]
The Package description explains the package well
Upstream Name matches package name
Link to upstream project are: https:/
https:/
This package unblocks announcement of Ubuntu Desktop on ARM64 Laptops
for the first time, on an arm64 laptop from a tier 1 OEM available for
sale now.
CVE References
description: | updated |
summary: |
- [MIR] qrtr + [MIR] protection-domain-mapper |
Changed in protection-domain-mapper (Ubuntu): | |
status: | New → Incomplete |
Changed in qrtr (Ubuntu): | |
status: | New → Incomplete |
Changed in protection-domain-mapper (Ubuntu): | |
assignee: | nobody → Dimitri John Ledkov (xnox) |
Changed in qrtr (Ubuntu): | |
assignee: | nobody → Dimitri John Ledkov (xnox) |
description: | updated |
Changed in protection-domain-mapper (Ubuntu): | |
status: | Incomplete → New |
Changed in qrtr (Ubuntu): | |
status: | Incomplete → New |
summary: |
- [MIR] protection-domain-mapper + [MIR] protection-domain-mapper & qrtr |
Changed in qrtr (Ubuntu): | |
assignee: | Dimitri John Ledkov (xnox) → nobody |
Changed in protection-domain-mapper (Ubuntu): | |
assignee: | Dimitri John Ledkov (xnox) → nobody |
Changed in qrtr (Ubuntu): | |
status: | New → Confirmed |
assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
Changed in protection-domain-mapper (Ubuntu): | |
assignee: | nobody → Lukas Märdian (slyon) |
dropped some stray todo's from the description