lp:ubuntu/yakkety/shim-signed
- Get this branch:
- bzr branch lp:ubuntu/yakkety/shim-signed
Branch information
- Owner:
- Steve Langasek
- Status:
- Development
Recent revisions
- 31. By Mathieu Trudel-Lapierre
-
Update to the signed 0.9+1465500757.
14a5905- 0ubuntu1 binary from Microsoft.
(LP: #1581299) - 30. By Mathieu Trudel-Lapierre
-
* update-
secureboot- policy:
- Add a --help option, document other options. (LP: #1604936)
- Rework prompting to display our Secure Boot warning and explanation
text more prominently, rather than forcing graphical users to hit
"Help" to see the full explanation for why we ask about disabling
Secure Boot. (LP: #1595611) - 29. By Steve Langasek
-
update-
secureboot- policy: If /proc/sys/ kernel/ moksbstate_ disabled is
present, prefer this unconditionally over MokSBStateRT. LP: #1604873. - 28. By Mathieu Trudel-Lapierre
-
* update-
secureboot- policy: rework setting capabilities to stop having
the backup capability while showing an error message; which won't affect
the Dialog debconf frontend but otherwise made the GTK frontend confusing.
* update-secureboot- policy: all debconf prompts should be at priority
critical: there is no good default to pick, we must prompt the user.
* debian/templates: make the password inputs be standard inputs; this is an
unfortunate workaround to aptdaemon not having access to the debconf
password database on desktop; since the frontend runs as an unprivileged
user. See bug LP#1599981 (LP: #1599051) - 27. By Mathieu Trudel-Lapierre
-
debian/
shim-signed. postinst: call for the trigger on update of shim-signed. - 26. By Mathieu Trudel-Lapierre
-
update-
secureboot- policy: validate the state of MokSBStateRT against what
the kernel believes it to be via /proc/sys/kernel/ moksbstate_ disabled,
in case we have the kernel which knows about shim's validation policy but
an old shim that doesn't export MokSBStateRT. - 25. By Mathieu Trudel-Lapierre
-
* update-
secureboot- policy:
- Make it easier for users to really re-enable Secure Boot via an --enable
option.
- Don't prompt for action if there are no DKMS packages installed, as per
checking if there are any subdirectories in /var/lib/dkms. - 24. By Mathieu Trudel-Lapierre
-
* update-
secureboot- policy: have a trigger-ready script available to deal
with the necessity to change Secure Boot policy on a system.
* debian/shim-signed. templates: ship the necessary templates for secureboot.
* debian/shim-signed. postinst: Run our trigger script to update Secure Boot
policy when necessary at the end of installs, without calling dpkg-trigger
again. - 23. By Mathieu Trudel-Lapierre
-
debian/control: add Depends on mokutil, to ship a way for users to
control shim features, such as enrolling new keys.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)