Created by Steve Langasek and last modified
Get this branch:
bzr branch lp:ubuntu/yakkety/shim-signed
Only Steve Langasek can upload to this branch. If you are Steve Langasek please log in for upload directions.

Related bugs

Related blueprints

Branch information

Steve Langasek

Recent revisions

31. By Mathieu Trudel-Lapierre

Update to the signed 0.9+1465500757.14a5905-0ubuntu1 binary from Microsoft.
(LP: #1581299)

30. By Mathieu Trudel-Lapierre

* update-secureboot-policy:
  - Add a --help option, document other options. (LP: #1604936)
  - Rework prompting to display our Secure Boot warning and explanation
    text more prominently, rather than forcing graphical users to hit
    "Help" to see the full explanation for why we ask about disabling
    Secure Boot. (LP: #1595611)

29. By Steve Langasek

update-secureboot-policy: If /proc/sys/kernel/moksbstate_disabled is
present, prefer this unconditionally over MokSBStateRT. LP: #1604873.

28. By Mathieu Trudel-Lapierre

* update-secureboot-policy: rework setting capabilities to stop having
  the backup capability while showing an error message; which won't affect
  the Dialog debconf frontend but otherwise made the GTK frontend confusing.
* update-secureboot-policy: all debconf prompts should be at priority
  critical: there is no good default to pick, we must prompt the user.
* debian/templates: make the password inputs be standard inputs; this is an
  unfortunate workaround to aptdaemon not having access to the debconf
  password database on desktop; since the frontend runs as an unprivileged
  user. See bug LP#1599981 (LP: #1599051)

27. By Mathieu Trudel-Lapierre

debian/shim-signed.postinst: call for the trigger on update of shim-signed.

26. By Mathieu Trudel-Lapierre

update-secureboot-policy: validate the state of MokSBStateRT against what
the kernel believes it to be via /proc/sys/kernel/moksbstate_disabled,
in case we have the kernel which knows about shim's validation policy but
an old shim that doesn't export MokSBStateRT.

25. By Mathieu Trudel-Lapierre

* update-secureboot-policy:
  - Make it easier for users to really re-enable Secure Boot via an --enable
  - Don't prompt for action if there are no DKMS packages installed, as per
    checking if there are any subdirectories in /var/lib/dkms.

24. By Mathieu Trudel-Lapierre

* update-secureboot-policy: have a trigger-ready script available to deal
  with the necessity to change Secure Boot policy on a system.
* debian/shim-signed.templates: ship the necessary templates for secureboot.
* debian/shim-signed.postinst: Run our trigger script to update Secure Boot
  policy when necessary at the end of installs, without calling dpkg-trigger

23. By Mathieu Trudel-Lapierre

debian/control: add Depends on mokutil, to ship a way for users to
control shim features, such as enrolling new keys.

22. By Brian Murray

releasing package shim-signed version 1.11

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.