[Impact]
We might want to boot securely one of these days.
[Test case]
A) Upgrading
- Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system.
- Verify that the new shimx64.efi file is under /boot/efi/EFI/ubuntu, along with mmx64.efi and fbx64.efi.
- Verify that /boot/efi/EFI/ubuntu/MokManager.efi no longer exists.
B) Booting normally
- Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system, with Secure Boot enabled.
- Verify it boots successfully to the login prompt.
- There should be no messages about "Verification failure" or other errors before the kernel is loaded.
B) Network boot.
- Update to shim signed and grub2 signed EFI binaries on the TFTP server used.
- Verify that a network booting system still boots normally through shim and grub, reaching a login prompt.
C) BootEntry options
- Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system.
- Update or install fwupdate.
- Verify that new updates can be applied via fwupdate, that when an update is available, fwupdate will correctly start, apply the update, and reboot to shim normally, leading to a working system.
[Regression Potential]
Any failure to load the kernel from grub, or for shim to load grub, or for the system firmware to load shim (such as "Verification failure" messages) or failure to retrieve or parse BootEntry extended options (such as necessary to load MokManager or fwupdate) should be considered regressions.
[Impact]
We might want to boot securely one of these days.
[Test case] EFI/ubuntu, along with mmx64.efi and fbx64.efi. EFI/ubuntu/ MokManager. efi no longer exists.
A) Upgrading
- Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system.
- Verify that the new shimx64.efi file is under /boot/efi/
- Verify that /boot/efi/
B) Booting normally
- Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system, with Secure Boot enabled.
- Verify it boots successfully to the login prompt.
- There should be no messages about "Verification failure" or other errors before the kernel is loaded.
B) Network boot.
- Update to shim signed and grub2 signed EFI binaries on the TFTP server used.
- Verify that a network booting system still boots normally through shim and grub, reaching a login prompt.
C) BootEntry options
- Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system.
- Update or install fwupdate.
- Verify that new updates can be applied via fwupdate, that when an update is available, fwupdate will correctly start, apply the update, and reboot to shim normally, leading to a working system.
[Regression Potential]
Any failure to load the kernel from grub, or for shim to load grub, or for the system firmware to load shim (such as "Verification failure" messages) or failure to retrieve or parse BootEntry extended options (such as necessary to load MokManager or fwupdate) should be considered regressions.