shim-signed 1.40.9 source package in Ubuntu
Changelog
shim-signed (1.40.9) focal; urgency=medium
[ dann frazier ]
* Fix arm64 issues due to hardcoding "x64" as the EFI architecture.
(LP: #2004208)
* is-not-revoked: Support vmlinux.gz files as used on arm64.
(LP: #2004201)
shim-signed (1.40.8) focal; urgency=medium
* New upstream version 15.7 (LP: #1996503)
- SBAT level: shim,3
- SBAT policy bumped to for grub,2 in previous and grub,3 in latest:
SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n"
* SECURITY FIX: Buffer overflow when loading crafted EFI images.
- CVE-2022-28737
* debian/control: Depend on new grub versions (1.191 on lunar+, 1.187.2 elsewhere)
* Break fwupd-signed signed with old keys
* Check for revoked fb,mm binaries in build, grubs, fwupd in autopkgtest
* Install both previous and latest shim as alternatives. On secure boot
systems, if the current kernel or any newer one is revoked, the previous
shim will continue to be used until current kernel and all newer ones
are signed with a non-revoked key.
-- Julian Andres Klode <email address hidden> Tue, 31 Jan 2023 12:57:37 +0100
Upload details
- Uploaded by:
- Julian Andres Klode
- Uploaded to:
- Focal
- Original maintainer:
- Steve Langasek
- Architectures:
- amd64 arm64
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Focal | security | main | utils | |
| Focal | updates | main | utils |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| shim-signed_1.40.9.tar.xz | 903.9 KiB | 23808b2570fc46b963ad09fa5a87cd1712035d406512cde1de7f95ad341c112a |
| shim-signed_1.40.9.dsc | 1.8 KiB | 8da308f872b447f60ca6f3d05035663f52904c050ebc4374fc78c955efe1a1e6 |
Available diffs
- diff from 1.40.7 (in Ubuntu) to 1.40.9 (3.9 KiB)
- diff from 1.40.8 to 1.40.9 (1.6 KiB)
- diff from 1.41 to 1.40.9 (12.4 KiB)
Binary packages built by this source
- shim-signed: Secure Boot chain-loading bootloader (Microsoft-signed binary)
This package provides a minimalist boot loader which allows verifying
signatures of other UEFI binaries against either the Secure Boot DB/DBX or
against a built-in signature database. Its purpose is to allow a small,
infrequently-changing binary to be signed by the UEFI CA, while allowing
an OS distributor to revision their main bootloader independently of the CA.
.
This package contains the version of the bootloader binary signed by the
Microsoft UEFI CA.
