obsolete

shim-fedora-20210331

FEDORA-2021-c3d587d52c created by pjones 3 years ago for Fedora 33
  • Update to shim 15.4
  • Support for revocations via the ".sbat" section and SBAT EFI variable
  • A new unit test framework and a bunch of unit tests
  • No external gnu-efi dependency
  • Better CI Resolves: CVE-2020-14372 Resolves: CVE-2020-25632 Resolves: CVE-2020-25647 Resolves: CVE-2020-27749 Resolves: CVE-2020-27779 Resolves: CVE-2021-20225 Resolves: CVE-2021-20233
  • Mark signed shim packages as protected in dnf. Resolves: #1874541
  • Conflict with older fwupd, but don't require it. Resolves: #1877751

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

This update has been submitted for testing by pjones.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon bojan commented & provided feedback 3 years ago
karma

Works.

karma

This update can be pushed to stable now if the maintainer wishes

3 years ago
User Icon ersen provided feedback 3 years ago
karma

This update has been submitted for stable by bodhi.

3 years ago

This update has been unpushed.

adamwill edited this update.

3 years ago

This update has been submitted for testing by adamwill.

3 years ago

We should not push this stable without https://github.com/rhboot/shim/pull/362 .

This update has been pushed to testing.

3 years ago
User Icon decathorpe commented & provided feedback 3 years ago
karma

I'm getting this error with Secure Boot enabled on a Dell XPS 13 9370:

Bootloader has not verified loaded image.
System is compromised. halting

While sounding scary, it looks like this is a bug, and fixed by @adamwill 's pull request?

Still, this update makes my system not boot unless I disable secure boot, which kinda defeats the purpose of a security update.

@decathorpe note that, AIUI, the fact we're hitting this means SB was effectively not fully functional before - this seems to be how developer edition XPS systems ship (I didn't know about it either). SB is enabled in the firmware, but validation is disabled at the mok level, or something. We have to run a magic command to actually have SB working.

It is a bug that boot breaks in this config, though, and the fix is coming.

User Icon kparal commented & provided feedback 3 years ago
karma

my desktop (UEFI, no SB) still boots

pbrobinson edited this update.

3 years ago
User Icon andilinux commented & provided feedback 3 years ago
karma

works

User Icon andilinux commented & provided feedback 3 years ago
karma

no issues

User Icon adamwill commented & provided feedback 3 years ago

@pjones , could this be edited to include a newer build?

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago
User Icon bytehackr provided feedback 2 years ago
karma
BZ#1592148 pxeboot shim crash using newer edk2 firmware

This update is marked obsolete because the F33 release is archived.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
5
Signed
Content Type
RPM
Test Gating
Builds
1
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
modified
3 years ago
BZ#1592148 pxeboot shim crash using newer edk2 firmware
0
1

Automated Test Results