Public bug reported: [Impact] new upstream release; usual dependency updates per Go MIR policy; aligning with snapd 2.62; and support for shim 15.8 per the secboot dependency update.
Targeted releases: 1. noble 2. jammy; after/when shim 15.8 lands there 3. focal; after/when shim 15.8 lands there [Test plan] * Test suite passes * Deploy Azure CVM and TPM FDE * Upgrade to this new package and reboot * Boot should be successful * Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot) * CPC - build new image with nullboot preinstalled, and attempt to register and boot such an images as first time. We have set block-proposed to allow testing in noble-proposed to be carried out before migration to noble release pocket. [Where problems could occur] Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key. ** Affects: nullboot (Ubuntu) Importance: Undecided Status: New ** Affects: nullboot (Ubuntu Focal) Importance: Undecided Status: New ** Affects: nullboot (Ubuntu Jammy) Importance: Undecided Status: New ** Affects: nullboot (Ubuntu Noble) Importance: Undecided Status: New ** Tags: block-proposed ** Description changed: [Impact] new upstream release; usual dependency updates per Go MIR policy; aligning with snapd 2.62; and support for shim 15.8 per the secboot dependency update. + Targeted releases: + + 1. noble + 2. jammy; after/when shim 15.8 lands there + 3. focal; after/when shim 15.8 lands there [Test plan] * Test suite passes * Deploy Azure CVM and TPM FDE * Upgrade to this new package and reboot * Boot should be successful * Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot) * CPC - build new image with nullboot preinstalled, and attempt to register and boot such an images as first time. We have set block-proposed to allow testing in noble-proposed to be carried out before migration to noble release pocket. [Where problems could occur] Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key. ** Also affects: nullboot (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: nullboot (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: nullboot (Ubuntu Noble) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061754 Title: nullboot 0.5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2061754/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
