Bug#920820: marked as done (shim-signed - Fails to boot if run via EFI shell)

To: Steve McIntyre <steve@einval.com>
Subject: Bug#920820: marked as done (shim-signed - Fails to boot if run via EFI shell)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Fri, 04 Aug 2023 10:15:03 +0000
Message-id: <[🔎] handler.920820.D920820.16911438801720459.ackdone@bugs.debian.org>
Reply-to: 920820@bugs.debian.org
References: <20230804101046.GA2283137@tack.einval.com> <20190129154849.z62dpw7gemclhu3n@shell.thinkmo.de>

Your message dated Fri, 4 Aug 2023 11:10:46 +0100
with message-id <20230804101046.GA2283137@tack.einval.com>
and subject line Re: Bug#920820: shim-signed - Fails to boot if run via EFI shell
has caused the Debian Bug report #920820,
regarding shim-signed - Fails to boot if run via EFI shell
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
920820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920820
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org

Subject: shim-signed - Fails to boot if run via EFI shell

From: Bastian Blank <waldi@debian.org>

Date: Tue, 29 Jan 2019 16:48:50 +0100

Message-id: <20190129154849.z62dpw7gemclhu3n@shell.thinkmo.de>
Package: shim-signed
Version: 1.28+nmu1+0.9+1474479173.6c180c6-1
Severity: important

shim fails to boot if it was started from the EFI shell in the EDK2
reference implementation.  Boot is aborted from the ExitBootServices
call:

| EFI stub: UEFI Secure Boot is enabled.
| Bootloader has not verified loaded image.
| System is compromised.  halting.

Bastian

-- 
The man on tops walks a lonely street; the "chain" of command is often a noose.
--- End Message ---

--- Begin Message ---

To: Bastian Blank <waldi@debian.org>, 920820-done@bugs.debian.org

Subject: Re: Bug#920820: shim-signed - Fails to boot if run via EFI shell

From: Steve McIntyre <steve@einval.com>

Date: Fri, 4 Aug 2023 11:10:46 +0100

Message-id: <20230804101046.GA2283137@tack.einval.com>

In-reply-to: <20190129154849.z62dpw7gemclhu3n@shell.thinkmo.de>

References: <20190129154849.z62dpw7gemclhu3n@shell.thinkmo.de>
On Tue, Jan 29, 2019 at 04:48:50PM +0100, Bastian Blank wrote:
>Package: shim-signed
>Version: 1.28+nmu1+0.9+1474479173.6c180c6-1
>Severity: important
>
>shim fails to boot if it was started from the EFI shell in the EDK2
>reference implementation.  Boot is aborted from the ExitBootServices
>call:
>
>| EFI stub: UEFI Secure Boot is enabled.
>| Bootloader has not verified loaded image.
>| System is compromised.  halting.

As far as I can see this is working as expected. If you have the EFI
shell in your boot sequence, you've lost the trust chain.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"Since phone messaging became popular, the young generation has lost the
 ability to read or write anything that is longer than one hundred and sixty
 characters."  -- Ignatios Souvatzis
--- End Message ---

Reply to:

Prev by Date: Bug#1042964: shim-signed: policy violation: Recommends a package that is not in debian main
Next by Date: Bug#995155: shim-signed: fwupd updates fail (fixed in Ubuntu?)
Previous by thread: Bug#1042964: marked as done (shim-signed: policy violation: Recommends a package that is not in debian main)
Next by thread: Bug#995155: shim-signed: fwupd updates fail (fixed in Ubuntu?)
Index(es):
- Date
- Thread