- Package:
- release.debian.org
- Source:
- release.debian.org
- Submitter:
- Steve McIntyre
- Date:
- 2026-06-26 20:53:03 UTC
- Severity:
- normal
- Tags:
Hey folks,
As mentioned in #1131862...
We've had new signed shim binaries back from Microsoft for some
time. I've been waiting on the fix for #1137247 (hang/crash
chainloading Windows from grub) in case that might have been shim bug,
but it's now been fixed in grub and we're good.
So, it's time to get a new shim-signed package into bookworm, for the
last point release. I've backported the logic from 1.51 in unstable:
* Add support for verifying and then combining signatures from
multiple signed shims.
+ Existing sbverify versions in Debian are buggy when verifying.
+ Switch to using a python script verify_combine_sigs to fill in
the gaps.
* In preinst, try to verify that the signed shim we're trying to
install will actually boot on this system - let's not break
systems on upgrade.
and imported the signed shim binaries which resulted from the bookworm
shim update in #1131862.
We need this new signed shim to allowe bookworm to install and run on
newer systems which may ship with *only* the new 2023 UEFI CA included
in firmware.
See https://wiki.debian.org/SecureBoot/CAChanges for more background.
.
package release.debian.org tags 1140761 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details ============== Package: shim-signed Version: 1.51~1+deb12u1 Explanation: ensure Secure Boot compatibility with 2023 Microsoft UEFI CA; check for likely boot issues before installation; combine and verify multiple shim signatures; update signed shim binaries
package release.debian.org tags 1140761 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details ============== Package: shim-signed Version: 1.51~1+deb12u1 Explanation: ensure Secure Boot compatibility with 2023 Microsoft UEFI CA; check for likely boot issues before installation; combine and verify multiple shim signatures; update signed shim binaries