** Description changed: + [Impact] + This is needed for full hardware enablement of 12.04 on SecureBoot systems. Without this change, management of the SecureBoot revocation database is not possible from Ubuntu userspace (at least, not out of the box). + + [Test Case] + On EFI-enabled hardware: + 1. verify that /sys/firmware/efi/efivars is not mounted at boot time. + 2. install both the linux quantal enablement kernel and mountall from proposed. + 3. reboot. + 4. verify that /sys/firmware/efi/efivars is now mounted. + + [Regression potential] + Minimal; as this uses mountall's notion of 'optional' filesystems, the filesystem will simply be skipped if the mountpoint does not exist or the filesystem is not supported by the running kernel. + As of Linux 3.5, it is not possible to update the SecureBoot database from userspace because the sysfs implementation only supports variable data up to 1KB in size and this is exceeded by even a minimum key database of one key. Matt Fleming has accepted a patch from Matthew Garrett to add a new filesystem that supports larger variables. Please consider backporting this (as an SRU) to both quantal and precise. - https://lkml.org/lkml/2012/10/5/22 + https://lkml.org/lkml/2012/10/5/22
** Description changed: [Impact] This is needed for full hardware enablement of 12.04 on SecureBoot systems. Without this change, management of the SecureBoot revocation database is not possible from Ubuntu userspace (at least, not out of the box). [Test Case] On EFI-enabled hardware: 1. verify that /sys/firmware/efi/efivars is not mounted at boot time. - 2. install both the linux quantal enablement kernel and mountall from proposed. + 2. install both linux-image-generic-lts-quantal and mountall from proposed. 3. reboot. 4. verify that /sys/firmware/efi/efivars is now mounted. [Regression potential] Minimal; as this uses mountall's notion of 'optional' filesystems, the filesystem will simply be skipped if the mountpoint does not exist or the filesystem is not supported by the running kernel. As of Linux 3.5, it is not possible to update the SecureBoot database from userspace because the sysfs implementation only supports variable data up to 1KB in size and this is exceeded by even a minimum key database of one key. Matt Fleming has accepted a patch from Matthew Garrett to add a new filesystem that supports larger variables. Please consider backporting this (as an SRU) to both quantal and precise. https://lkml.org/lkml/2012/10/5/22 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1063061 Title: please backport support for EFI vars > 1KB To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1063061/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
