shim 15.7-0ubuntu1 source package in Ubuntu

Changelog

shim (15.7-0ubuntu1) kinetic; urgency=medium

  * New upstream version 15.7 (LP: #1996503), highlights:
    - Enable TDX measurements (LP: #1995852)
    - Flush the memory region from i-cache before execution (LP: #1987541)
    - Introspectable SBAT payload for TPM resealing efforts
    - Don't measure MokListTrusted to PCR7
    - SBAT level: shim,3
    - SBAT policy bumped to grub,2 in previous and grub,3 in latest:
      SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n"
      Note that shim requirement was not bumped as shim,2 shims are not
      commonly available yet.
  * SECURITY FIX: Buffer overflow when loading crafted EFI images.
    - CVE-2022-28737
  * Rebase patches, only ubuntu-no-addend-vendor-dbx.patch remains
  * Import 20221103 Canonical vendor dbx.
    This vendor dbx revokes all certificates that have been used
    so far.
    - CN = Canonical Ltd. Secure Boot Signing
    - CN = Canonical Ltd. Secure Boot Signing (2017)
    - CN = Canonical Ltd. Secure Boot Signing (ESM 2018)
    - CN = Canonical Ltd. Secure Boot Signing (2019)
    - CN = Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019)
    - CN = Canonical Ltd. Secure Boot Signing (2021 v1)
    - CN = Canonical Ltd. Secure Boot Signing (2021 v2)
    - CN = Canonical Ltd. Secure Boot Signing (2021 v3)
  * Build-Depend on libefivar-dev
  * debian/rules: Update COMMIT_ID

 -- Julian Andres Klode <email address hidden>  Fri, 18 Nov 2022 16:00:39 +0100

Upload details

Uploaded by: Julian Andres Klode
Uploaded to: Kinetic
Original maintainer: Ubuntu Developers
Architectures: amd64 arm64
Section: admin
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Focal security main admin
Jammy security main admin
Bionic updates main admin
Mantic release main admin
Focal updates main admin
Lunar release main admin
Jammy updates main admin

Builds

Kinetic: [FULLYBUILT] amd64 [FULLYBUILT] arm64

Downloads

File Size SHA-256 Checksum
shim_15.7.orig.tar.bz2 1.3 MiB 87cdeb190e5c7fe441769dde11a1b507ed7328e70a178cd9858c7ac7065cfade
shim_15.7-0ubuntu1.debian.tar.xz 20.7 KiB fa05bc6339ffc333552b05b782a2608f31f52d0920b7648e8eda13b74fbc0ade
shim_15.7-0ubuntu1.dsc 2.1 KiB ba8ae231caa08d6be3bacb3e1a450896bbe99c86ab587a086b4c6842bf706bba

Binary packages built by this source

shim: boot loader to chain-load signed boot loaders under Secure Boot

 This package provides a minimalist boot loader which allows verifying
 signatures of other UEFI binaries against either the Secure Boot DB/DBX or
 against a built-in signature database. Its purpose is to allow a small,
 infrequently-changing binary to be signed by the UEFI CA, while allowing
 an OS distributor to revision their main bootloader independently of the CA.

shim-dbg: boot loader to chain-load signed boot loaders under Secure Boot (dbg symbols)

 This package provides a minimalist boot loader which allows verifying
 signatures of other UEFI binaries against either the Secure Boot DB/DBX or
 against a built-in signature database. Its purpose is to allow a small,
 infrequently-changing binary to be signed by the UEFI CA, while allowing
 an OS distributor to revision their main bootloader independently of the CA.
 .
 Debug symbols.