Package "grub-efi"

Name: grub-efi


GRand Unified Bootloader, version 2 (dummy package)

Latest version: 2.02~beta2-9ubuntu1.17
Release: trusty (14.04)
Level: updates
Repository: main
Head package: grub2
Homepage: http://www.gnu.org/software/grub/


Download "grub-efi"

Other versions of "grub-efi" in Trusty

Repository Area Version
base main 2.02~beta2-9
security main 2.02~beta2-9ubuntu1.6


Version: 2.02~beta2-9ubuntu1.17 2019-04-09 21:06:19 UTC

  grub2 (2.02~beta2-9ubuntu1.17) trusty; urgency=medium

  * debian/grub-check-signatures: check kernel signatures against keys known
    in firmware, in case a kernel is signed but not using a key that will pass
    validation, such as when using kernels coming from a PPA. (LP: #1789918)
  * debian/patches/linuxefi_disable_sb_fallback.patch: Disallow unsigned
    kernels if UEFI Secure Boot is enabled. If UEFI Secure Boot is enabled
    and kernel signature verification fails, do not boot the kernel. Patch
    from Linn Crosetto. (LP: #1401532)

 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 22 Mar 2019 11:36:54 -0400

Source diff to previous version
1789918 grub2 signed kernel enforcement doesn't check on upgrade that signatures are from trusted keys
1401532 GRUB's Secure Boot implementation loads unsigned kernel without warning

Version: 2.02~beta2-9ubuntu1.16 2019-02-04 13:06:12 UTC

  grub2 (2.02~beta2-9ubuntu1.16) trusty; urgency=medium

  [ Ivan Hu ]
  * debian/patches/0001-i386-linux-Add-support-for-ext_lfb_base.patch:
    Add support for ext_lfb_base. (LP: #1785033)

  [ dann frazier ]
  * Add grub2/update_nvram template to allow users to disable NVRAM
    updates during package upgrades (LP: #1642298).

  [ Mathieu Trudel-Lapierre ]
  * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream
    SB patch set: (LP: #1696599)
    - linuxefi_backport_arm64.patch: backport basic arm64 chainload/linux
      command support from 17.04.
    - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its
    - linuxefi_fix_validation_race.patch: Fix a race in validating images.
    - linuxefi_chainloader_path.patch: honor the starting path for grub, so
      images do not need to be started from $root.
    - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use
      when Secure Boot is enabled.
    - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all
      loaders: don't load the commands when Secure Boot is enabled.
    - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and
      initrd commands to automatically hand-off to linuxefi/initrdefi; re-
      enable the linux loader.
    - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading
      "special" PE images, such as Windows'.
    - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is
      disabled or shim validation is disabled so loading works as EFI binaries
      when it is supposed to.
    - Removed linuxefi_require_shim.patch; superseded by the above.
    - Removed linuxefi_amd64_only.patch; superseded by the above.
    - Refreshed patches.
  * debian/rules: disable the use of -Werror while building grub; the EFI
    patches have subtle cases which trip it up unnecessarily.
  * debian/patches/arm64-set-correct-length-of-device-path-end-entry.patch:
    dropped; included in linuxefi_backport_arm64.patch.
  * debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in
    relocate_coff() causing issues with relocation of code in chainload.
    (LP: #1792575)
  * debian/patches/linuxefi_truncate_overlong_relocs.patch: The Windows
    7 bootloader has inconsistent headers; truncate to the smaller, correct
    size to fix chainloading Windows 7. (LP: #1792575)

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 08 Jan 2019 12:36:49 -0500

Source diff to previous version

Version: 2.02~beta2-9ubuntu1.15 2018-09-13 11:06:40 UTC

  grub2 (2.02~beta2-9ubuntu1.15) trusty; urgency=medium

  * util/grub-install.c: Use MokManager EFI binary name without
    the .signed extension now that shim handles signing via sbsigntool
    natively. (LP: #1708245)
    - debian/patches/install_signed.patch
  * debian/control: Breaks shim << 13 due to the renamed MokManager binary.

 -- Mathieu Trudel-Lapierre <email address hidden> Wed, 04 Jul 2018 15:28:17 -0400

Source diff to previous version

Version: 2.02~beta2-9ubuntu1.14 2017-08-28 16:06:59 UTC

  grub2 (2.02~beta2-9ubuntu1.14) trusty; urgency=medium

  * debian/patches/install_signed.patch: update to use the new names for the
    shim binary (shim$arch) and MokManager (mm$arch). (LP: #1637290)
  * debian/control: Breaks shim (<< 0.9+1474479173.6c180c6-0ubuntu1~) for the
    renamed EFI binaries.

 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 14 Jul 2017 12:20:11 -0400

Source diff to previous version

Version: 2.02~beta2-9ubuntu1.12 2016-08-03 14:06:51 UTC

  grub2 (2.02~beta2-9ubuntu1.12) trusty; urgency=medium

  * debian/patches/uefi_firmware_setup.patch: take into account that the UEFI
    variable OsIndicationsSupported is a bit field, and as such should be
    compared as hex values in 30_uefi-firmware.in. (LP: #1456911)

 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 29 Jul 2016 14:50:13 -0400

1456911 Ubuntu installation/update-grub fail on specific BIOS

About   -   Send Feedback to @ubuntu_updates