lp:ubuntu/yakkety/shim-signed

Created by Steve Langasek on 2016-09-20 and last modified on 2016-09-20
Get this branch:
bzr branch lp:ubuntu/yakkety/shim-signed

Branch information

Owner: Steve Langasek
Status: Development

Recent revisions

31. By Mathieu Trudel-Lapierre on 2016-09-20

Update to the signed 0.9+1465500757.14a5905-0ubuntu1 binary from Microsoft.
(LP: #1581299)

30. By Mathieu Trudel-Lapierre on 2016-09-20

* update-secureboot-policy:
  - Add a --help option, document other options. (LP: #1604936)
  - Rework prompting to display our Secure Boot warning and explanation
    text more prominently, rather than forcing graphical users to hit
    "Help" to see the full explanation for why we ask about disabling
    Secure Boot. (LP: #1595611)

29. By Steve Langasek on 2016-09-20

update-secureboot-policy: If /proc/sys/kernel/moksbstate_disabled is
present, prefer this unconditionally over MokSBStateRT. LP: #1604873.

28. By Mathieu Trudel-Lapierre on 2016-09-20

* update-secureboot-policy: rework setting capabilities to stop having
  the backup capability while showing an error message; which won't affect
  the Dialog debconf frontend but otherwise made the GTK frontend confusing.
* update-secureboot-policy: all debconf prompts should be at priority
  critical: there is no good default to pick, we must prompt the user.
* debian/templates: make the password inputs be standard inputs; this is an
  unfortunate workaround to aptdaemon not having access to the debconf
  password database on desktop; since the frontend runs as an unprivileged
  user. See bug LP#1599981 (LP: #1599051)

27. By Mathieu Trudel-Lapierre on 2016-09-20

debian/shim-signed.postinst: call for the trigger on update of shim-signed.

26. By Mathieu Trudel-Lapierre on 2016-09-20

update-secureboot-policy: validate the state of MokSBStateRT against what
the kernel believes it to be via /proc/sys/kernel/moksbstate_disabled,
in case we have the kernel which knows about shim's validation policy but
an old shim that doesn't export MokSBStateRT.

25. By Mathieu Trudel-Lapierre on 2016-09-20

* update-secureboot-policy:
  - Make it easier for users to really re-enable Secure Boot via an --enable
    option.
  - Don't prompt for action if there are no DKMS packages installed, as per
    checking if there are any subdirectories in /var/lib/dkms.

24. By Mathieu Trudel-Lapierre on 2016-09-20

* update-secureboot-policy: have a trigger-ready script available to deal
  with the necessity to change Secure Boot policy on a system.
* debian/shim-signed.templates: ship the necessary templates for secureboot.
* debian/shim-signed.postinst: Run our trigger script to update Secure Boot
  policy when necessary at the end of installs, without calling dpkg-trigger
  again.

23. By Mathieu Trudel-Lapierre on 2016-09-20

debian/control: add Depends on mokutil, to ship a way for users to
control shim features, such as enrolling new keys.

22. By Brian Murray on 2015-09-11

releasing package shim-signed version 1.11

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)