Please provide dual-signed shim chained to both MS & Canonical certificates
Bug #1884566 reported by
Dimitri John Ledkov
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| shim-signed (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Bug Description
Please provide dual-signed shim chained to both MS & Canonical certificates
Implementation provided as:
- shim-canonical => to submit shim for signing (ideally this portion of code should be merged into the src:shim package, when we rebuild it from scratch next)
- shim-signed => to construct dual-signed shim
This also makes it easier to test shim uploads, as a PPA built of shim-canonical, produces signed shim, for which one can import a certificate and use straight away.
See:
https:/
https:/
This work is required for UC20 1.0 release
| information type: | Public → Private Security |
| information type: | Private Security → Public Security |
| information type: | Public Security → Public |
Revision history for this message
| Steve Langasek (vorlon) wrote | #1 |
Revision history for this message
| Dimitri John Ledkov (xnox) wrote | #2 |
| Changed in shim-signed (Ubuntu): | |
| status: | New → Incomplete |
| Changed in shim-signed (Ubuntu): | |
| status: | Incomplete → Fix Released |
To post a comment you must log in.
Regarding shim-canonical, this looks to me like it should be a one-off, and future signing requests should be done through the shim package itself. Can you raise an MP for that?
Also, is it really the Ubuntu online signing key that you want to be signing this shim, and not the UC20 online signing key?