* Upgrading to new shim, without upgrading to the new grub with sbat will fail to boot, as grub must include SBAT section.
* Upgrading to new shim, without upgrading to the new fwupdate with sbat will fail to boot, as fwupdate must include SBAT section.
[Other Info]
* All patches are dropped, as all got included in the v15.3 upstream release
* Embedded ephemeral shim certificate is now gone, and archive key is used to sign fb/mm
* Vendor DBX is included that revokes Boothole & ACPI-bypass vulnerable grubs and shims
[Impact]
* New upstream shim release 15.3
* It includes and enforces SBAT validation
[Test Plan]
* https:/ /wiki.ubuntu. com/UEFI/ SecureBoot/ ShimUpdateProce ss/TestPlan
[Where problems could occur]
* Upgrading to new shim, without upgrading to the new grub with sbat will fail to boot, as grub must include SBAT section.
* Upgrading to new shim, without upgrading to the new fwupdate with sbat will fail to boot, as fwupdate must include SBAT section.
[Other Info]
* All patches are dropped, as all got included in the v15.3 upstream release
* Embedded ephemeral shim certificate is now gone, and archive key is used to sign fb/mm
* Vendor DBX is included that revokes Boothole & ACPI-bypass vulnerable grubs and shims