attach secureboot state files to shim-signed apport reports

Bug #1680279 reported by Steve Langasek on 2017-04-05
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
shim-signed (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Yakkety
Undecided
Unassigned

Bug Description

[SRU Justification]
I'm asking the same questions repeatedly of bug submitters about the state of secureboot on their systems, so we should just include these files in the apport hook. Since shim-signed changes in stable releases for policy reasons, this should be SRUed back in as well.

[Test case]
1. Install the shim-signed package from -proposed
2. Run apport-bug shim-signed
3. Confirm that the apport collection succeeds
4. Verify that the report to be sent includes keys for two files under /sys/firmware/efi/efivars and for /proc/sys/kernel/moksbstate_disabled

[Regression potential]
If I done messed up, we could fail to get bug reports about shim that we really need.

Steve Langasek (vorlon) on 2017-04-05
Changed in shim-signed (Ubuntu):
status: New → Fix Released

Hello Steve, or anyone else affected,

Accepted shim-signed into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.28~16.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in shim-signed (Ubuntu Yakkety):
status: New → Fix Committed
tags: added: verification-needed
Changed in shim-signed (Ubuntu Xenial):
status: New → Fix Committed
Andy Whitcroft (apw) wrote :

Hello Steve, or anyone else affected,

Accepted shim-signed into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.28~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Verified shim-signed 1.28~16.04.1 in xenial.

MokSBStateRT and SecureBoot are now included in apport reports, but they are being shown as binary data (as a single unprintable character). I think this qualifies as verification-failed.

tags: added: verification-failed-xenial
tags: added: verification-done-xenial
removed: verification-failed-xenial

I changed my mind; this is a verification-done: just knowing whether the files are there even if they're not mapping to proper data is already a plus.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package shim-signed - 1.28~16.04.1

---------------
shim-signed (1.28~16.04.1) xenial; urgency=medium

  * Adjust apport hook to include key files that tell us about the system's
    current SB state. LP: #1680279.

 -- Steve Langasek <email address hidden> Wed, 05 Apr 2017 15:14:49 -0700

Changed in shim-signed (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers