UbuntuUpdates.org

Package "shim"

Name: shim

Description:

boot loader to chain-load signed boot loaders under Secure Boot

Latest version: 15.7-0ubuntu1
Release: focal (20.04)
Level: updates
Repository: main

Links


Download "shim"


Other versions of "shim" in Focal

Repository Area Version
base main 15+1533136590.3beb971-0ubuntu1
security main 15.7-0ubuntu1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 15.7-0ubuntu1 2023-03-15 00:06:54 UTC

  shim (15.7-0ubuntu1) kinetic; urgency=medium

  * New upstream version 15.7 (LP: #1996503), highlights:
    - Enable TDX measurements (LP: #1995852)
    - Flush the memory region from i-cache before execution (LP: #1987541)
    - Introspectable SBAT payload for TPM resealing efforts
    - Don't measure MokListTrusted to PCR7
    - SBAT level: shim,3
    - SBAT policy bumped to for grub,2 in previous and grub,3 in latest:
      SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n"
      Note that shim requirement was not bumped as shim,2 shims are not
      commonly available yet.
  * SECURITY FIX: Buffer overflow when loading crafted EFI images.
    - CVE-2022-28737
  * Rebase patches, only ubuntu-no-addend-vendor-dbx.patch remains
  * Import 20221103 Canonical vendor dbx.
    This vendor dbx revokes all certificates that have been used
    so far.
    - CN = Canonical Ltd. Secure Boot Signing
    - CN = Canonical Ltd. Secure Boot Signing (2017)
    - CN = Canonical Ltd. Secure Boot Signing (ESM 2018)
    - CN = Canonical Ltd. Secure Boot Signing (2019)
    - CN = Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019)
    - CN = Canonical Ltd. Secure Boot Signing (2021 v1)
    - CN = Canonical Ltd. Secure Boot Signing (2021 v2)
    - CN = Canonical Ltd. Secure Boot Signing (2021 v3)
  * Build-Depend on libefivar-dev
  * debian/rules: Update COMMIT_ID

 -- Julian Andres Klode <email address hidden> Fri, 18 Nov 2022 16:00:39 +0100

Source diff to previous version
1996503 shim 15.7-0ubuntu1
1995852 shim TDX enablement
1987541 shim executes GRUB w/ dirty instruction cache on arm64

Version: 15.4-0ubuntu9 2021-08-19 10:06:18 UTC

  shim (15.4-0ubuntu9) hirsute; urgency=medium

  * Fix booting installer media on some machines (LP: #1937115)
    - Always fallback to the default loader (PR #393)
    - Dump load options parsed (PR #393)
    - Disable load option parsing on removable media path (PR #399)
  * trivial: Fix a minor overflow in the mok importing code (PR #365)
  * Fix fall back loader to find the correct boot entry, avoiding potential
    corruption of firmware (PR #396).

 -- Julian Andres Klode <email address hidden> Fri, 06 Aug 2021 13:16:33 +0200

Source diff to previous version
1937115 Unable to boot/install Impish daily in UEFI boot mode

Version: 15.4-0ubuntu7 2021-08-02 21:06:24 UTC

  shim (15.4-0ubuntu7) hirsute; urgency=medium

  * Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379)
  * Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383)
  * Fix accidental deletion of RT variables (LP: #1934506) (PR #387)
  * mok: relax the maximum variable size check (LP: #1934780) (PR #369)

 -- Julian Andres Klode <email address hidden> Wed, 07 Jul 2021 10:57:35 +0200

Source diff to previous version
1929471 Shim apparently fails to run fwupd64 (hirsute regression?)
1928010 Occasionally crashes in _relocate() on arm64
1934506 Mirrored MOK variables could be accidentally deleted
1934780 shim crashes on Mellanox BF1 SmartNIC

Version: 15+1552672080.a4a1fbe-0ubuntu2 2020-09-24 17:06:21 UTC

  shim (15+1552672080.a4a1fbe-0ubuntu2) focal; urgency=medium

  * d/patches/fix-path-checks.patch: Cherry-pick upstream fix for regression
    in loading fwupd, or anything else specified as an argument (LP: #1864223)

 -- Julian Andres Klode <email address hidden> Fri, 20 Mar 2020 16:19:14 +0100

1864223 shim 15+1552672080.a4a1fbe-0ubuntu1 fails to load fwupd



About   -   Send Feedback to @ubuntu_updates