Changelog
shim-signed (1.33.1~16.04.9) xenial; urgency=medium
* Do not build a dual-signed shim (fixing regression from ~16.04.7), and
disable verifying fbx64.efi and mmx64.efi certificates as xenial's
sbverify is unable to (impish works fine)
* Clean up debhelper log file accidentally imported into git during 16.04.7
import.
shim-signed (1.33.1~16.04.8) xenial; urgency=medium
* debian/*.postinst: Unconditionally call grub-install with
--force-extra-removable, so that the \EFI\BOOT removable path as used in
cloud images receives the updates. LP: #1930742.
* Update to shim 15.4-0ubuntu5:
- Stop addending vendor dbx to MokListXRT during MokListX mirroring. This
is causing systems to run out of EFI storage space, or just hang up
when trying to write it (LP: #1924605) (LP: #1928434)
- Further relax the check for variable mirroring on non-secureboot systems
avoiding boot failures on out of space conditons (pull request #372)
- Don't unhook ExitBootServices() when EBS protection is disabled
(LP: #1931136) (pull request #378)
shim-signed (1.33.1~16.04.7) xenial; urgency=medium
* New upstream release 15.4. LP: #1921134
* Update packaging to pull fb and mm from shim-signed package as in
later releases, dropping the runtime dependency on shim.
* Add download-signed script from linux-signed package
* Add a versioned dependency on the mokutil that introduces --timeout, and
call mokutil --timeout -1 so that users don't end up with broken systems
by missing MokManager on reboot after install. LP: #1856422.
* Add versioned dependencies on grub-efi-amd64-signed and grub2-common,
to ensure we have SBAT-compatible grub.efi and grub 2.04-compatible
grub-install present when we are installing new shim to the ESP.
* Include reworked Makefile from devel to better assert the integrity of
the executables.
-- Julian Andres Klode <email address hidden> Wed, 23 Jun 2021 18:20:36 +0200
