shim-signed - Debian Package Tracker

general

source: shim-signed (main)
version: 1.47
maintainer: Debian EFI Team (archive) (DMD)
uploaders: Steve Langasek [DMD] – Steve McIntyre [DMD]
arch: all amd64 arm64
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.44~1+deb11u1
o-o-p-u: 1.44~1+deb11u1
oldstable: 1.44~1+deb12u1
stable: 1.47
testing: 1.47
unstable: 1.47

versioned links

1.44~1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.44~1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.47: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

shim-signed (13 bugs: 0, 11, 2, 0)
shim-signed-common (4 bugs: 0, 3, 1, 0)

action needed

source package has 1 unsatisfiable build dependency high

Build dependencies in unstable cannot be satisfied on amd64, i386, s390x, ppc64el, armhf, and arm64 because: unsatisfied dependency on shim-unsigned (= 15.8-1)

Created: 2026-03-24 Last update: 2026-05-17 12:30

lintian reports 1 error and 1 warning high

Lintian reports 1 error and 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2025-07-30 Last update: 2025-07-30 04:03

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2026-04-06 Last update: 2026-05-17 12:17

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.48, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 0140b59d00318019177364b0a56f180052394868
Author: Steve McIntyre <steve@einval.com>
Date:   Thu May 14 16:53:15 2026 +0100

    Update to boot check: ignore keys listed in DBX

commit be5e1a1dd8e69d54bd52ff55f801028af6b83767
Author: Steve McIntyre <steve@einval.com>
Date:   Thu May 14 16:33:23 2026 +0100

    Check that we can boot on the current system
    
    If SecureBoot is enabled, check that our shim binary is signed by at
    least one of the certificates enrolled in firmware.

commit 51d7291fc779e9c961c942fb503ffa2d02205b3c
Author: Steve McIntyre <steve@einval.com>
Date:   Thu May 14 00:18:16 2026 +0100

    Grab the sha1 fingerprint of each used cert as we match them
    
    Later, install that data alongside the shim binaries in the package.
    
    We can then use this data to check that we can boot the signed shim
    we're installing.

commit a4d4af294e188bd9bae83a0d1df2191180961c7b
Author: Steve McIntyre <steve@einval.com>
Date:   Thu May 14 00:17:47 2026 +0100

    Makefile: add clean rule

commit bfdd628e60db5818e90967b142bd511c597a1352
Author: Steve McIntyre <steve@einval.com>
Date:   Wed May 13 23:26:39 2026 +0100

    Update lintian source overrides

commit 8ed0e53daa6a62a42ddc07ba3f223fc33fc8714a
Author: Steve McIntyre <steve@einval.com>
Date:   Wed May 13 23:22:53 2026 +0100

    Update build-deps for 16.1-2

commit fb7896559b4673427f4f4075bd74512bb3a5bf30
Author: Steve McIntyre <steve@einval.com>
Date:   Wed May 13 23:15:31 2026 +0100

    Add the new 16.1-2 binaries signed by Microsoft

commit 46b1703f38382efebc0526e1c7f98609d6d2f5f0
Author: Steve McIntyre <steve@einval.com>
Date:   Wed May 13 23:08:09 2026 +0100

    Update changelog

commit d26ca79bcb7a6e2c59f7b6f9292c28b7189d431a
Author: Steve McIntyre <steve@einval.com>
Date:   Wed May 6 23:58:34 2026 +0100

    Fix up cert filenames and explicitly sort them before use

commit 06be276481fa3481cbdb3fa24ce8a1114d1bcdbd
Author: Steve McIntyre <steve@einval.com>
Date:   Wed May 6 23:45:07 2026 +0100

    Add the "new" Microsoft 2023 UEFI CA key
    
    Found at
    https://github.com/microsoft/secureboot_objects/blob/main/PreSignedObjects/DB/Certificates/microsoft%20uefi%20ca%202023.der
    and copied here in PEM format, ready to use.

commit 221cc767346b1715e7f138b184ed596796181416
Author: Steve McIntyre <steve@einval.com>
Date:   Wed May 6 23:44:01 2026 +0100

    Shuffle test certificates

commit e2a56d673c66989136c41a6f1c997ff1aad10097
Author: Steve McIntyre <steve@einval.com>
Date:   Tue Apr 28 14:01:32 2026 +0100

    Add support for verifying and then combining signatures
    
    from multiple signed shims.
    
    * Move the verification logic out into a new helper script
      verify_combine_sigs - see comments there for how it works.
    * Rename the existing shim binaries and CA cert to match
    * Include some extra certs and binaries for testing with

Created: 2026-05-07 Last update: 2026-05-15 00:01

2 open merge requests in Salsa normal

There are 2 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-22 Last update: 2026-05-14 00:03

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.5.1).

Created: 2021-08-18 Last update: 2026-03-31 15:01

news

[rss feed]

[2025-08-01] shim-signed 1.47 MIGRATED to testing (Debian testing watch)
[2025-07-29] Accepted shim-signed 1.47 (source) into unstable (Steve McIntyre)
[2025-07-04] shim-signed 1.46 MIGRATED to testing (Debian testing watch)
[2025-06-23] Accepted shim-signed 1.46 (source) into unstable (Steve McIntyre)
[2025-06-23] Accepted shim-signed 1.45 (source all amd64) into unstable (Steve McIntyre)
[2024-08-25] shim-signed 1.44 MIGRATED to testing (Debian testing watch)
[2024-08-16] Accepted shim-signed 1.44~1+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2024-08-16] Accepted shim-signed 1.44~1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2024-08-16] Accepted shim-signed 1.44~1+deb10u1 (source) into oldoldstable (Steve McIntyre)
[2024-07-03] Accepted shim-signed 1.44 (source) into unstable (Steve McIntyre)
[2024-06-29] Accepted shim-signed 1.43 (source) into unstable (Steve McIntyre)
[2024-06-28] Accepted shim-signed 1.42 (source) into unstable (Steve McIntyre)
[2024-06-26] Accepted shim-signed 1.41 (source) into unstable (Steve McIntyre)
[2023-08-09] shim-signed 1.40 MIGRATED to testing (Debian testing watch)
[2023-08-04] Accepted shim-signed 1.40 (source) into unstable (Steve McIntyre)
[2023-03-14] shim-signed 1.39 MIGRATED to testing (Debian testing watch)
[2023-03-09] Accepted shim-signed 1.39~1+deb11u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2023-03-09] Accepted shim-signed 1.39 (source) into unstable (Steve McIntyre)
[2023-03-08] Accepted shim-signed 1.39~1+deb10u1 (source) into oldstable (Steve McIntyre)
[2021-07-25] shim-signed 1.38 MIGRATED to testing (Debian testing watch)
[2021-07-13] Accepted shim-signed 1.38~1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-07-12] Accepted shim-signed 1.38 (source) into unstable (Steve McIntyre)
[2021-07-09] shim-signed 1.37 MIGRATED to testing (Debian testing watch)
[2021-06-30] Accepted shim-signed 1.37~1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-06-29] Accepted shim-signed 1.37 (source) into unstable (Steve McIntyre)
[2021-06-21] Accepted shim-signed 1.36~1+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-05-18] shim-signed 1.36 MIGRATED to testing (Debian testing watch)
[2021-05-09] Accepted shim-signed 1.36~1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-05-06] Accepted shim-signed 1.36 (source) into unstable (Steve McIntyre)
[2021-05-04] Accepted shim-signed 1.35 (source) into unstable (Steve McIntyre)

bugs [bug history graph]

all: 17
RC: 0
I&N: 14
M&W: 3
F&P: 0
patch: 1

links

lintian (1, 1)
buildd: logs, reproducibility, debcheck, cross
popcon
browse source code
other distros
l10n (100, -)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.59
55 bugs (1 patch)