diff -Nru dkms-2.2.0.3/debian/changelog dkms-2.2.0.3/debian/changelog --- dkms-2.2.0.3/debian/changelog 2016-03-14 17:05:39.000000000 +0000 +++ dkms-2.2.0.3/debian/changelog 2016-03-19 01:08:22.000000000 +0000 @@ -1,3 +1,18 @@ +dkms (2.2.0.3-2ubuntu11) xenial; urgency=medium + + * debian/patches/shim_secureboot_support.patch: (LP: #1558438) + - fix quoting variables for setup_mok_validation() to account for passwords + that might have special characters. + - use printf rather than straight echo to pass values to mokutil. + - ask the user to confirm password; not just write it once, this will avoid + issues with typos in the Secure Boot keys. + * debian/templates: + - rename dkms/text/bad_secureboot_key to dkms/error/bad_secureboot_key. + - add dkms/text/secureboot_key_mismatch. + - add dkms/secureboot_key_again. + + -- Mathieu Trudel-Lapierre Fri, 18 Mar 2016 20:54:11 -0400 + dkms (2.2.0.3-2ubuntu10) xenial; urgency=medium * debian/patches/shim_secureboot_support.path: mokutil is annoying in that diff -Nru dkms-2.2.0.3/debian/patches/shim_secureboot_support.patch dkms-2.2.0.3/debian/patches/shim_secureboot_support.patch --- dkms-2.2.0.3/debian/patches/shim_secureboot_support.patch 2016-03-14 17:03:20.000000000 +0000 +++ dkms-2.2.0.3/debian/patches/shim_secureboot_support.patch 2016-03-18 23:21:30.000000000 +0000 @@ -11,8 +11,8 @@ dkms drivers that were added). --- - dkms_common.postinst | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 69 insertions(+) + dkms_common.postinst | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 82 insertions(+) Index: b/dkms_common.postinst =================================================================== @@ -27,7 +27,7 @@ uname_s=$(uname -s) _get_kernel_dir() { -@@ -293,3 +295,70 @@ for KERNEL in $KERNELS; do +@@ -293,3 +295,83 @@ for KERNEL in $KERNELS; do fi done @@ -66,21 +66,34 @@ + fi + + db_input high dkms/secureboot_key || true ++ db_input high dkms/secureboot_key_again || true + ;; + 3) + db_get dkms/secureboot_key -+ length=`echo $RET | wc -c` -+ if [ $length -lt 8 ] || [ $length -gt 16 ]; then -+ db_fset dkms/text/bad_secureboot_key seen false -+ db_input critical dkms/text/bad_secureboot_key ++ key="$RET" ++ db_get dkms/secureboot_key_again ++ again="$RET" ++ ++ if [ "$key" != "$again" ]; then ++ db_fset dkms/error/secureboot_key_mismatch seen false ++ db_input critical dkms/error/secureboot_key_mismatch + STATE=$(($STATE - 2)) -+ elif [ $length -ne 0 ]; then -+ echo "${RET}\n${RET}" | mokutil --disable-validation >/dev/null || true ++ else ++ length=`echo "$key" | wc -c` ++ if [ $length -lt 8 ] || [ $length -gt 16 ]; then ++ db_fset dkms/error/bad_secureboot_key seen false ++ db_input critical dkms/error/bad_secureboot_key ++ STATE=$(($STATE - 2)) ++ elif [ $length -ne 0 ]; then ++ printf '%s\n%s\n' "$RET" "$RET" | mokutil --disable-validation >/dev/null || true ++ fi + fi + + # Always clear secureboot key. + db_set dkms/secureboot_key '' + db_fset dkms/secureboot_key seen false ++ db_set dkms/secureboot_key_again '' ++ db_fset dkms/secureboot_key_again seen false + ;; + *) + break diff -Nru dkms-2.2.0.3/debian/templates dkms-2.2.0.3/debian/templates --- dkms-2.2.0.3/debian/templates 2016-01-12 20:29:17.000000000 +0000 +++ dkms-2.2.0.3/debian/templates 2016-03-19 01:09:12.000000000 +0000 @@ -2,8 +2,8 @@ Type: text _Description: Configuring Secure Boot -Template: dkms/text/bad_secureboot_key -Type: text +Template: dkms/error/bad_secureboot_key +Type: error _Description: Invalid password The Secure Boot key you've entered is not valid. The password used must be between 8 and 16 characters. @@ -30,3 +30,12 @@ Please enter a password for disabling Secure Boot. It will be asked again after a reboot. +Template: dkms/secureboot_key_again +Type: password +_Description: Re-enter password to verify: + Please enter the same password again to verify you have typed it correctly. + +Template: dkms/error/secureboot_key_mismatch +Type: error +_Description: Password input error + The two passwords you entered were not the same. Please try again.