[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#984531: fwupdate needs a stable update for SBAT support and re-signing

Package: fwupdate
Version: 12-4+deb10u1
Severity: important

Newer requirements for UEFI Secure Boot include signed binaries
containing SBAT metadata [1]. We'll need to update fwupdate in buster
to include that, and we'll also need to re-sign it using our rotated
signing keys.

[1] https://github.com/rhboot/shim/blob/main/SBAT.md

-- System Information:
Debian Release: 10.8
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fwupdate depends on:
ii  e2fsprogs     1.44.5-1+deb10u3
ii  efibootmgr    15-1
ii  libc6         2.28-10
ii  libefiboot1   37-2+deb10u1
ii  libefivar1    37-2+deb10u1
ii  libfwup1      12-4+deb10u1
ii  libpopt0      1.16-12
ii  libsmbios-c2  2.4.1-1

Versions of packages fwupdate recommends:
ii  fwupdate-amd64-signed [fwupdate-signed]  12+4+deb10u1

fwupdate suggests no packages.

-- no debconf information
Reply to: