Package "shim"
Name: |
shim
|
Description: |
boot loader to chain-load signed boot loaders under Secure Boot
|
Latest version: |
15.7-0ubuntu1 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
main |
Links
Download "shim"
Other versions of "shim" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
shim (15.7-0ubuntu1) kinetic; urgency=medium
* New upstream version 15.7 (LP: #1996503), highlights:
- Enable TDX measurements (LP: #1995852)
- Flush the memory region from i-cache before execution (LP: #1987541)
- Introspectable SBAT payload for TPM resealing efforts
- Don't measure MokListTrusted to PCR7
- SBAT level: shim,3
- SBAT policy bumped to for grub,2 in previous and grub,3 in latest:
SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n"
Note that shim requirement was not bumped as shim,2 shims are not
commonly available yet.
* SECURITY FIX: Buffer overflow when loading crafted EFI images.
- CVE-2022-28737
* Rebase patches, only ubuntu-no-addend-vendor-dbx.patch remains
* Import 20221103 Canonical vendor dbx.
This vendor dbx revokes all certificates that have been used
so far.
- CN = Canonical Ltd. Secure Boot Signing
- CN = Canonical Ltd. Secure Boot Signing (2017)
- CN = Canonical Ltd. Secure Boot Signing (ESM 2018)
- CN = Canonical Ltd. Secure Boot Signing (2019)
- CN = Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019)
- CN = Canonical Ltd. Secure Boot Signing (2021 v1)
- CN = Canonical Ltd. Secure Boot Signing (2021 v2)
- CN = Canonical Ltd. Secure Boot Signing (2021 v3)
* Build-Depend on libefivar-dev
* debian/rules: Update COMMIT_ID
-- Julian Andres Klode <email address hidden> Fri, 18 Nov 2022 16:00:39 +0100
|
Source diff to previous version |
1996503 |
shim 15.7-0ubuntu1 |
1995852 |
shim TDX enablement |
1987541 |
shim executes GRUB w/ dirty instruction cache on arm64 |
CVE-2022-28737 |
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into acc |
|
shim (15.4-0ubuntu9) hirsute; urgency=medium
* Fix booting installer media on some machines (LP: #1937115)
- Always fallback to the default loader (PR #393)
- Dump load options parsed (PR #393)
- Disable load option parsing on removable media path (PR #399)
* trivial: Fix a minor overflow in the mok importing code (PR #365)
* Fix fall back loader to find the correct boot entry, avoiding potential
corruption of firmware (PR #396).
-- Julian Andres Klode <email address hidden> Fri, 06 Aug 2021 13:16:33 +0200
|
1937115 |
Unable to boot/install Impish daily in UEFI boot mode |
|
About
-
Send Feedback to @ubuntu_updates