2019-06-06 20:49:49 |
Andy Whitcroft |
bug |
|
|
added bug |
2019-06-06 20:51:38 |
Andy Whitcroft |
bug task added |
|
launchpad |
|
2019-06-06 20:51:49 |
Andy Whitcroft |
launchpad: status |
New |
In Progress |
|
2019-06-06 20:51:53 |
Andy Whitcroft |
launchpad: assignee |
|
Andy Whitcroft (apw) |
|
2019-06-06 20:51:56 |
Andy Whitcroft |
u-boot (Ubuntu): importance |
Undecided |
High |
|
2019-06-06 20:52:00 |
Andy Whitcroft |
u-boot (Ubuntu): assignee |
|
Andy Whitcroft (apw) |
|
2019-06-10 14:42:34 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Xenial |
|
2019-06-10 14:42:34 |
Andy Whitcroft |
bug task added |
|
u-boot (Ubuntu Xenial) |
|
2019-06-10 14:42:34 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Eoan |
|
2019-06-10 14:42:34 |
Andy Whitcroft |
bug task added |
|
u-boot (Ubuntu Eoan) |
|
2019-06-10 14:42:34 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Cosmic |
|
2019-06-10 14:42:34 |
Andy Whitcroft |
bug task added |
|
u-boot (Ubuntu Cosmic) |
|
2019-06-10 14:42:34 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Bionic |
|
2019-06-10 14:42:34 |
Andy Whitcroft |
bug task added |
|
u-boot (Ubuntu Bionic) |
|
2019-06-10 14:42:34 |
Andy Whitcroft |
nominated for series |
|
Ubuntu Disco |
|
2019-06-10 14:42:34 |
Andy Whitcroft |
bug task added |
|
u-boot (Ubuntu Disco) |
|
2019-06-10 14:42:49 |
Andy Whitcroft |
u-boot (Ubuntu Eoan): status |
New |
In Progress |
|
2019-06-10 15:56:41 |
Andy Whitcroft |
u-boot (Ubuntu Disco): status |
New |
In Progress |
|
2019-06-10 15:56:44 |
Andy Whitcroft |
u-boot (Ubuntu Disco): importance |
Undecided |
Medium |
|
2019-06-10 15:56:47 |
Andy Whitcroft |
u-boot (Ubuntu Disco): assignee |
|
Andy Whitcroft (apw) |
|
2019-06-10 15:56:50 |
Andy Whitcroft |
u-boot (Ubuntu Cosmic): status |
New |
In Progress |
|
2019-06-10 15:56:54 |
Andy Whitcroft |
u-boot (Ubuntu Cosmic): importance |
Undecided |
Medium |
|
2019-06-10 15:56:56 |
Andy Whitcroft |
u-boot (Ubuntu Cosmic): assignee |
|
Andy Whitcroft (apw) |
|
2019-06-10 15:57:02 |
Andy Whitcroft |
u-boot (Ubuntu Bionic): status |
New |
In Progress |
|
2019-06-10 15:57:05 |
Andy Whitcroft |
u-boot (Ubuntu Bionic): importance |
Undecided |
High |
|
2019-06-10 15:57:08 |
Andy Whitcroft |
u-boot (Ubuntu Bionic): assignee |
|
Andy Whitcroft (apw) |
|
2019-06-10 15:57:11 |
Andy Whitcroft |
u-boot (Ubuntu Eoan): importance |
High |
Medium |
|
2019-06-10 15:57:14 |
Andy Whitcroft |
u-boot (Ubuntu Xenial): status |
New |
In Progress |
|
2019-06-10 15:57:18 |
Andy Whitcroft |
u-boot (Ubuntu Xenial): importance |
Undecided |
High |
|
2019-06-10 15:57:20 |
Andy Whitcroft |
u-boot (Ubuntu Xenial): assignee |
|
Andy Whitcroft (apw) |
|
2019-06-11 11:46:23 |
Andy Whitcroft |
description |
We need a mechanism for securely signing Flat Image Tree binaries. This will be performed in a similar manner to UEFI signing support via a custom binary upload to launchpad. We will also need a u-boot update to enable image creation and signing support in mkimage. |
[Impact] the existing mkimage/dumpimage tools are unable to make or dump out the contents of a u-boot FIT image.
[Test Case] run mkimage with no arguments, note that signing is shown as not enabled.
[Regression Potential] though this changes the u-boot boot loader package, only the build of the u-boot-utils package contents is modified. This primarily enabled FIT_SIGNATURE support in the configuration before building those tools. The majority of the tools we ship do not have configuration support even and so should not be affected. mkimage et al are not normally used during a kernel/bootloader update and so the risk to a pre-installed system should be low.
===
We need a mechanism for securely signing Flat Image Tree binaries. This will be performed in a similar manner to UEFI signing support via a custom binary upload to launchpad. We will also need a u-boot update to enable image creation and signing support in mkimage. |
|
2019-06-11 11:47:17 |
Andy Whitcroft |
description |
[Impact] the existing mkimage/dumpimage tools are unable to make or dump out the contents of a u-boot FIT image.
[Test Case] run mkimage with no arguments, note that signing is shown as not enabled.
[Regression Potential] though this changes the u-boot boot loader package, only the build of the u-boot-utils package contents is modified. This primarily enabled FIT_SIGNATURE support in the configuration before building those tools. The majority of the tools we ship do not have configuration support even and so should not be affected. mkimage et al are not normally used during a kernel/bootloader update and so the risk to a pre-installed system should be low.
===
We need a mechanism for securely signing Flat Image Tree binaries. This will be performed in a similar manner to UEFI signing support via a custom binary upload to launchpad. We will also need a u-boot update to enable image creation and signing support in mkimage. |
[Impact] the existing mkimage/dumpimage tools are unable to make or dump out the contents of a u-boot FIT image.
[Test Case] run mkimage with no arguments, note that signing is shown as not enabled.
[Regression Potential] though this changes the u-boot boot loader package, only the build of the u-boot-utils package contents is modified. This primarily enabled FIT_SIGNATURE support in the configuration before building those tools. The majority of the tools we ship do not have configuration support even and so should not be affected. mkimage et al are not normally used during a kernel/bootloader update and so the risk to a pre-installed system should be low. There is slightly higher risk in the xenial changes as the enablement has enabled some additional tool builds, but none of those are shipped in the resulting binaries.
===
We need a mechanism for securely signing Flat Image Tree binaries. This will be performed in a similar manner to UEFI signing support via a custom binary upload to launchpad. We will also need a u-boot update to enable image creation and signing support in mkimage. |
|
2019-06-11 12:14:28 |
Łukasz Zemczak |
u-boot (Ubuntu Disco): status |
In Progress |
Fix Committed |
|
2019-06-11 12:14:32 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2019-06-11 12:14:33 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2019-06-11 12:14:36 |
Łukasz Zemczak |
tags |
|
verification-needed verification-needed-disco |
|
2019-06-11 12:23:24 |
Łukasz Zemczak |
u-boot (Ubuntu Cosmic): status |
In Progress |
Fix Committed |
|
2019-06-11 12:23:29 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-disco |
verification-needed verification-needed-cosmic verification-needed-disco |
|
2019-06-11 12:24:23 |
Łukasz Zemczak |
u-boot (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2019-06-11 12:24:29 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-cosmic verification-needed-disco |
verification-needed verification-needed-bionic verification-needed-cosmic verification-needed-disco |
|
2019-06-11 12:48:48 |
Łukasz Zemczak |
u-boot (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2019-06-11 12:48:53 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-bionic verification-needed-cosmic verification-needed-disco |
verification-needed verification-needed-bionic verification-needed-cosmic verification-needed-disco verification-needed-xenial |
|
2019-06-11 13:09:17 |
Andy Whitcroft |
attachment added |
|
Testing script. https://bugs.launchpad.net/ubuntu/+source/u-boot/+bug/1831942/+attachment/5270139/+files/TEST-FIT |
|
2019-06-11 13:12:01 |
Andy Whitcroft |
description |
[Impact] the existing mkimage/dumpimage tools are unable to make or dump out the contents of a u-boot FIT image.
[Test Case] run mkimage with no arguments, note that signing is shown as not enabled.
[Regression Potential] though this changes the u-boot boot loader package, only the build of the u-boot-utils package contents is modified. This primarily enabled FIT_SIGNATURE support in the configuration before building those tools. The majority of the tools we ship do not have configuration support even and so should not be affected. mkimage et al are not normally used during a kernel/bootloader update and so the risk to a pre-installed system should be low. There is slightly higher risk in the xenial changes as the enablement has enabled some additional tool builds, but none of those are shipped in the resulting binaries.
===
We need a mechanism for securely signing Flat Image Tree binaries. This will be performed in a similar manner to UEFI signing support via a custom binary upload to launchpad. We will also need a u-boot update to enable image creation and signing support in mkimage. |
[Impact] the existing mkimage/dumpimage tools are unable to make or dump out the contents of a u-boot FIT image.
[Test Case] run mkimage with no arguments, note that FIT images and signing are shown as disabled. Install the updated version and note that FIT images and signing are now shown as enabled. Run the attached TEST-FIT script which will put together a sample image, generate some keys, and sign the resulting image contents. You will see "kernel.img: Device Tree Blob version 17,..." if the image is created and you will see dumpimage output showing it is not yet signed (Sign value: unavailable). The signatures will then be applied and the image redumped and you will see it is now signed (Sign value: <hex>).
[Regression Potential] though this changes the u-boot boot loader package, only the build of the u-boot-utils package contents is modified. This primarily enabled FIT_SIGNATURE support in the configuration before building those tools. The majority of the tools we ship do not have configuration support even and so should not be affected. mkimage et al are not normally used during a kernel/bootloader update and so the risk to a pre-installed system should be low. There is slightly higher risk in the xenial changes as the enablement has enabled some additional tool builds, but none of those are shipped in the resulting binaries.
===
We need a mechanism for securely signing Flat Image Tree binaries. This will be performed in a similar manner to UEFI signing support via a custom binary upload to launchpad. We will also need a u-boot update to enable image creation and signing support in mkimage. |
|
2019-06-11 15:12:36 |
Launchpad Janitor |
u-boot (Ubuntu Eoan): status |
In Progress |
Fix Released |
|
2019-06-11 18:03:19 |
Andy Whitcroft |
tags |
verification-needed verification-needed-bionic verification-needed-cosmic verification-needed-disco verification-needed-xenial |
verification-done-disco verification-needed verification-needed-bionic verification-needed-cosmic verification-needed-xenial |
|
2019-06-11 18:16:39 |
Andy Whitcroft |
tags |
verification-done-disco verification-needed verification-needed-bionic verification-needed-cosmic verification-needed-xenial |
verification-done-cosmic verification-done-disco verification-needed verification-needed-bionic verification-needed-xenial |
|
2019-06-11 18:22:27 |
Andy Whitcroft |
tags |
verification-done-cosmic verification-done-disco verification-needed verification-needed-bionic verification-needed-xenial |
verification-done-bionic verification-done-cosmic verification-done-disco verification-needed verification-needed-xenial |
|
2019-06-12 10:02:10 |
Andy Whitcroft |
tags |
verification-done-bionic verification-done-cosmic verification-done-disco verification-needed verification-needed-xenial |
verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial verification-needed |
|
2019-06-12 10:02:37 |
Andy Whitcroft |
tags |
verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial verification-needed |
verification-done verification-done-bionic verification-done-cosmic verification-done-disco verification-needed-xenial |
|
2019-06-13 08:14:50 |
Andy Whitcroft |
tags |
verification-done verification-done-bionic verification-done-cosmic verification-done-disco verification-needed-xenial |
verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial |
|
2019-06-13 10:46:12 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2019-06-13 10:46:33 |
Launchpad Janitor |
u-boot (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
2019-06-13 10:46:43 |
Launchpad Janitor |
u-boot (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2019-06-13 10:46:54 |
Launchpad Janitor |
u-boot (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2019-06-13 10:53:18 |
Launchpad Janitor |
u-boot (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
2019-06-19 09:39:20 |
Colin Watson |
branch linked |
|
lp:~apw/launchpad/signing-fit |
|
2019-06-19 10:50:25 |
Launchpad QA Bot |
tags |
verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial |
qa-needstesting verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial |
|
2019-06-19 10:50:26 |
Launchpad QA Bot |
launchpad: status |
In Progress |
Fix Committed |
|
2019-06-19 12:57:55 |
Andy Whitcroft |
tags |
qa-needstesting verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial |
qa-ok verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial |
|
2019-06-20 18:42:55 |
Colin Watson |
launchpad: status |
Fix Committed |
Fix Released |
|
2019-06-20 18:45:13 |
Colin Watson |
summary |
support u-boot Flat Image Tree (FIT) signing support |
u-boot Flat Image Tree (FIT) signing support |
|
2020-11-17 09:58:53 |
Łukasz Zemczak |
u-boot (Ubuntu Groovy): status |
New |
Fix Committed |
|
2020-11-17 09:58:55 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-11-17 09:58:59 |
Łukasz Zemczak |
tags |
qa-ok verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial |
qa-ok verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial verification-needed verification-needed-groovy |
|
2020-11-18 16:22:49 |
Łukasz Zemczak |
u-boot (Ubuntu Focal): status |
New |
Fix Committed |
|
2020-11-18 16:22:54 |
Łukasz Zemczak |
tags |
qa-ok verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial verification-needed verification-needed-groovy |
qa-ok verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial verification-needed verification-needed-focal verification-needed-groovy |
|
2020-11-18 16:41:55 |
Łukasz Zemczak |
u-boot (Ubuntu Bionic): status |
Fix Released |
Fix Committed |
|
2020-11-18 16:42:02 |
Łukasz Zemczak |
tags |
qa-ok verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial verification-needed verification-needed-focal verification-needed-groovy |
qa-ok verification-done-cosmic verification-done-disco verification-done-xenial verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy |
|
2020-11-18 16:48:16 |
Łukasz Zemczak |
tags |
qa-ok verification-done-cosmic verification-done-disco verification-done-xenial verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy |
qa-ok verification-done verification-done-bionic verification-done-cosmic verification-done-disco verification-done-focal verification-done-groovy verification-done-xenial |
|
2021-01-08 17:07:29 |
Łukasz Zemczak |
tags |
qa-ok verification-done verification-done-bionic verification-done-cosmic verification-done-disco verification-done-focal verification-done-groovy verification-done-xenial |
qa-ok verification-done-bionic verification-done-cosmic verification-done-disco verification-done-focal verification-done-xenial verification-needed verification-needed-groovy |
|
2021-01-08 17:11:19 |
Łukasz Zemczak |
tags |
qa-ok verification-done-bionic verification-done-cosmic verification-done-disco verification-done-focal verification-done-xenial verification-needed verification-needed-groovy |
qa-ok verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial verification-needed verification-needed-focal verification-needed-groovy |
|
2021-01-08 17:14:45 |
Łukasz Zemczak |
tags |
qa-ok verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial verification-needed verification-needed-focal verification-needed-groovy |
qa-ok verification-done-cosmic verification-done-disco verification-done-xenial verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy |
|
2021-01-08 17:16:54 |
Łukasz Zemczak |
tags |
qa-ok verification-done-cosmic verification-done-disco verification-done-xenial verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy |
qa-ok verification-done verification-done-bionic verification-done-cosmic verification-done-disco verification-done-focal verification-done-groovy verification-done-xenial |
|
2021-01-18 12:40:51 |
Dimitri John Ledkov |
u-boot (Ubuntu Focal): milestone |
|
ubuntu-20.04.2 |
|
2021-01-28 16:48:32 |
Launchpad Janitor |
u-boot (Ubuntu Groovy): status |
Fix Committed |
Fix Released |
|
2021-01-28 16:50:19 |
Launchpad Janitor |
u-boot (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2021-01-28 16:50:19 |
Launchpad Janitor |
cve linked |
|
2020-8432 |
|
2021-02-18 12:54:47 |
Launchpad Janitor |
u-boot (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|