Comment 0 for bug 1921134

Revision history for this message
Dimitri John Ledkov (xnox) wrote : SBAT shim 15.3 release

[Impact]

 * New upstream shim release 15.3
 * It includes and enforces SBAT validation

[Test Plan]

 * https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan

[Where problems could occur]

 * Upgrading to new shim, without upgrading to the new grub with sbat will fail to boot, as grub must include SBAT section.

 * Upgrading to new shim, without upgrading to the new fwupdate with sbat will fail to boot, as fwupdate must include SBAT section.

[Other Info]

 * All patches are dropped, as all got included in the v15.3 upstream release
 * Embedded ephemeral shim certificate is now gone, and archive key is used to sign fb/mm
 * Vendor DBX is included that revokes Boothole & ACPI-bypass vulnerable grubs and shims