Ubuntu
nullboot package

nullboot 0.5.1

  1. Jammy (22.04)
  2. Bug #2061754
Bug #2061754 reported by Julian Andres Klode
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nullboot (Ubuntu)
In Progress
Undecided
Unassigned
Focal
New
Undecided
Unassigned
Jammy
New
Undecided
Unassigned
Noble
In Progress
Undecided
Unassigned

Bug Description

[Impact]
new upstream release; usual vendored dependency updates per Go MIR policy (vendor/ directory is automatically generated by go mod vendor based on go.mod); aligning with snapd 2.62; and support for shim 15.8 per the secboot dependency update.

Targeted releases:

1. noble
2. jammy; after/when shim 15.8 lands there
3. focal; after/when shim 15.8 lands there

[Test plan]
* Test suite passes

* Deploy Azure CVM and TPM FDE
* Upgrade to this new package and reboot
* Boot should be successful
* Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)

* CPC - build new image with nullboot preinstalled, and attempt to register and boot such an images as first time.

We have set block-proposed to allow testing in noble-proposed to be carried out before migration to noble release pocket.

[Where problems could occur]
Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key.

See original description
Julian Andres Klode (juliank)
description: updated
Julian Andres Klode (juliank)
Changed in nullboot (Ubuntu Noble):
status: New → Fix Committed
description: updated
Revision history for this message
Julian Andres Klode (juliank) wrote :

Gauthier verified it still boots fine on CVM, hooray

tags: removed: block-proposed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nullboot - 0.5.1-0ubuntu1

---------------
nullboot (0.5.1-0ubuntu1) noble; urgency=medium

  [ Julian Andres Klode ]
  * New release adding support for shim 15.8-0ubuntu1 (LP: #2061754)
  * ci: Test against go 1.22
  * Update secboot for shim 15.8-1
  * Update snapd to 2.62
  * Build against shim 15.8-0ubuntu1

  [ dependabot[bot] ]
  * build(deps): bump github/codeql-action from 2 to 3
  * build(deps): bump actions/setup-go from 4 to 5
  * build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
  * build(deps): bump golang.org/x/sys from 0.15.0 to 0.19.0

 -- Julian Andres Klode <email address hidden> Tue, 16 Apr 2024 10:53:07 +0200

Changed in nullboot (Ubuntu Noble):
status: Fix Committed → Fix Released
Julian Andres Klode (juliank)
tags: added: block-proposed
Łukasz Zemczak (sil2100)
Changed in nullboot (Ubuntu Noble):
status: Fix Released → In Progress
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.