please backport support for EFI vars > 1KB
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Andy Whitcroft | ||
Precise |
Won't Fix
|
Medium
|
Unassigned | ||
Quantal |
Fix Released
|
Medium
|
Andy Whitcroft | ||
mountall (Ubuntu) |
Fix Released
|
Medium
|
Andy Whitcroft | ||
Precise |
Won't Fix
|
Medium
|
Unassigned | ||
Quantal |
Fix Released
|
Medium
|
Andy Whitcroft | ||
sbsigntool (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Invalid
|
Medium
|
Unassigned | ||
Quantal |
Fix Released
|
Medium
|
Unassigned |
Bug Description
[Impact]
This is needed for full hardware enablement of 12.04 on SecureBoot systems. Without this change, management of the SecureBoot revocation database is not possible from Ubuntu userspace (at least, not out of the box).
[Test Case]
On EFI-enabled hardware:
1. verify that /sys/firmware/
2. install both linux-image-
3. reboot.
4. verify that /sys/firmware/
[Regression potential]
Minimal; as this uses mountall's notion of 'optional' filesystems, the filesystem will simply be skipped if the mountpoint does not exist or the filesystem is not supported by the running kernel.
As of Linux 3.5, it is not possible to update the SecureBoot database from userspace because the sysfs implementation only supports variable data up to 1KB in size and this is exceeded by even a minimum key database of one key.
Matt Fleming has accepted a patch from Matthew Garrett to add a new filesystem that supports larger variables. Please consider backporting this (as an SRU) to both quantal and precise.
Changed in linux (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Triaged |
tags: | added: kernel-da-key quantal |
tags: |
added: kernel-key removed: kernel-da-key |
tags: | added: precise |
Changed in linux (Ubuntu Precise): | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Quantal): | |
assignee: | nobody → Andy Whitcroft (apw) |
status: | Triaged → In Progress |
tags: | removed: kernel-key |
Changed in mountall (Ubuntu Quantal): | |
status: | New → Fix Committed |
Changed in mountall (Ubuntu Precise): | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in sbsigntool (Ubuntu Precise): | |
status: | New → Triaged |
Changed in sbsigntool (Ubuntu Quantal): | |
status: | New → Triaged |
Changed in sbsigntool (Ubuntu Precise): | |
importance: | Undecided → Medium |
Changed in sbsigntool (Ubuntu Quantal): | |
importance: | Undecided → Medium |
Changed in sbsigntool (Ubuntu Precise): | |
status: | Triaged → Invalid |
Changed in linux (Ubuntu Quantal): | |
status: | In Progress → Fix Committed |
description: | updated |
description: | updated |
We'd need all three patches in that series:
https:/ /patchwork. kernel. org/bundle/ jk/efivarfs/