shim 15.7-0ubuntu1 source package in Ubuntu
Changelog
shim (15.7-0ubuntu1) kinetic; urgency=medium * New upstream version 15.7 (LP: #1996503), highlights: - Enable TDX measurements (LP: #1995852) - Flush the memory region from i-cache before execution (LP: #1987541) - Introspectable SBAT payload for TPM resealing efforts - Don't measure MokListTrusted to PCR7 - SBAT level: shim,3 - SBAT policy bumped to for grub,2 in previous and grub,3 in latest: SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n" Note that shim requirement was not bumped as shim,2 shims are not commonly available yet. * SECURITY FIX: Buffer overflow when loading crafted EFI images. - CVE-2022-28737 * Rebase patches, only ubuntu-no-addend-vendor-dbx.patch remains * Import 20221103 Canonical vendor dbx. This vendor dbx revokes all certificates that have been used so far. - CN = Canonical Ltd. Secure Boot Signing - CN = Canonical Ltd. Secure Boot Signing (2017) - CN = Canonical Ltd. Secure Boot Signing (ESM 2018) - CN = Canonical Ltd. Secure Boot Signing (2019) - CN = Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019) - CN = Canonical Ltd. Secure Boot Signing (2021 v1) - CN = Canonical Ltd. Secure Boot Signing (2021 v2) - CN = Canonical Ltd. Secure Boot Signing (2021 v3) * Build-Depend on libefivar-dev * debian/rules: Update COMMIT_ID -- Julian Andres Klode <email address hidden> Fri, 18 Nov 2022 16:00:39 +0100
Upload details
- Uploaded by:
- Julian Andres Klode
- Uploaded to:
- Kinetic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- amd64 arm64
- Section:
- admin
- Urgency:
- Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
shim_15.7.orig.tar.bz2 | 1.3 MiB | 87cdeb190e5c7fe441769dde11a1b507ed7328e70a178cd9858c7ac7065cfade |
shim_15.7-0ubuntu1.debian.tar.xz | 20.7 KiB | fa05bc6339ffc333552b05b782a2608f31f52d0920b7648e8eda13b74fbc0ade |
shim_15.7-0ubuntu1.dsc | 2.1 KiB | ba8ae231caa08d6be3bacb3e1a450896bbe99c86ab587a086b4c6842bf706bba |
Available diffs
Binary packages built by this source
- shim: No summary available for shim in ubuntu kinetic.
No description available for shim in ubuntu kinetic.
- shim-dbg: boot loader to chain-load signed boot loaders under Secure Boot (dbg symbols)
This package provides a minimalist boot loader which allows verifying
signatures of other UEFI binaries against either the Secure Boot DB/DBX or
against a built-in signature database. Its purpose is to allow a small,
infrequently-changing binary to be signed by the UEFI CA, while allowing
an OS distributor to revision their main bootloader independently of the CA.
.
Debug symbols.