Comment 0 for bug 1700170

[Impact]
shim-signed ships the signed shim$arch.efi binary that goes with the shim package available in each release, which should remain synchronized across all supported releases as to make sure the security sensitive binary can be appropriately supported.

shim-signed also ships some additional bits that are useful to go along with the shim binary; and this is what is actually targetted on this SRU: shim itself does not change, but in the interest of making support as easy as possible, the supporting files shipped with it are also kept synchronized across releases.

These files are the following:
 - an apport hook, useful to let users report issues in updating the Boot Entries on their firmware, debugging upgrade issues, etc; and provides critical information about the system on which a bug is reported about the state of that system's EFI firmware: whether EFI validation is enabled, whether Secure Boot is enabled, whether it was properly started by the kernel;
 - a BOOT$arch.CSV file, to be installed by grub2 if present, where grub2 has that feature (in artful only), or to be installed manually by the user if wanted. This file is a text file that provides the location of shim on a system when running the shim fallback binary (also not installed prior to artful).

[Test case]
See the other closed bugs for this backport, which include their own test cases.

== boot.csv ==
1) Verify that /usr/lib/shim/BOOTx64.EFI contains:
shimx64.efi,ubuntu,,This is the boot entry for Ubuntu

[Regression potential]
See the other closed bugs for this backport, which include their own test cases.

Shipping the BOOT$arch.CSV file alone has no risk of regression, it constitutes a single text file shipped in a location where it is not used; it is only contained in the backport to simplify keeping the shim-signed packages synchronized.