Ubuntu
nullboot package

  1. Noble (24.04)
  2. Bug #2061754
  3. Comment #0

Comment 0 for bug 2061754

Revision history for this message
Julian Andres Klode (juliank) wrote :

[Impact]
new upstream release; usual dependency updates per Go MIR policy; aligning with snapd 2.62; and support for shim 15.8 per the secboot dependency update.

[Test plan]
* Test suite passes

* Deploy Azure CVM and TPM FDE
* Upgrade to this new package and reboot
* Boot should be successful
* Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)

* CPC - build new image with nullboot preinstalled, and attempt to register and boot such an images as first time.

We have set block-proposed to allow testing in noble-proposed to be carried out before migration to noble release pocket.

[Where problems could occur]
Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key.