> On Wed, Feb 25, 2026 at 11:58:35AM +1300, Matthew Ruffell wrote:
>> Hi Mate,
>>
>> Can you please explain exactly what versions you had in mind to backport to
>> exactly what releases? Is this fwupd | 2.0.19-1ubuntu2 from resolute going
>> to questing, noble, jammy? The same for libjcat and libxmlb?
>
> This sounds correct.
>
>>
>> What about focal, bionic, xenial? trusty? Would this go to the primary archive,
>> or to the esm archive?
>
> I can say we have no plans to provide updates to ESM releases in the
> primary archive.
>
> It may not be feasible to provide any updates for ESM releases whatsoever;
> rendering any future secure boot support conditional on ESM users installing
> the snap and manually using that, as is the case currently for device
> firmware.
>
>>
>> Would this change to the 2023 CA break booting for older images? Do all images
>> need to be respun to new point releases?
>
> The 2023 CA is being added to db. To receive further updates to the boot stack,
> the 2023 CA needs to be installed.
>
> The next shim update will no longer be compatible with the 2011 CA, and
> future grub, fwupd, kernel updates will be switching to a new Canonical
> CA as well which will only be trusted by a future shim.
>
> This does not remove or revoke the 2011 CA. Whether that will happen at
> some point is a question for the far future.
>
>> Looking at the rdepends of fwupd, libjcat and libxml, gnome-software is a clear
>> user of these packages. Is gnome-software on these stable releases compatible
>> with the new packages? Ubuntu itself does not rely on gnome-software, but I
>> assume there are official and non-official flavours that do.
>
> gnome-software and plasma-discover need rebuilds against libfwupd3 on
> jammy and focal. It needs to be investigated whether that requires
> source changes or not.
Gnome-firmware too.
>
>>
>> Do you have a brief list of commits that you investigated when you decided it
>> was not practical to backport to previous fwupd releases? How many
>> patches is it?
>
> It depends on a complete refactoring of the plugin system, a new
> metadata format, and took months to develop and test and make sure
> that it works, so it's not feasible to identify and validate any
> combination of commits.
>
>>
>> Have you spoken to Richard Hughes and Mario Limonciello upstream about how we
>> should go about solving this problem? From what I can see, the 1_9_X branch is
>> still active. How about getting upstream to backport patches to that branch and
>> make a release? Is it even possible?
>
> There is no advantage to upgrading from 1.7 to 1.9 vs 1.7 to 2.0.
I will actually argue there is another big advantage to going to 2.0.x
instead of 1.9.x in this big jump.
There is a table upstream:
https://github.com/fwupd/fwupd/security/policy
The upstream EOL policy will have 1.9.x EOL date as 2027-01-01.
2.0.x is a year later. So that's another year of upstream security
updates if needed.
>
>>
>> In your [Testcase], this will need more than a basic functionality smoketest.
>> Have you spoken to the Hardware Certification Lab about getting some test
>> hardware you can use various releases like focal, jammy, etc to perform real
>> firmware updates on? Just testing a basic CA upgrade in a VM doesn't quite feel
>> enough testing for real world usage.
>
> It's a good point, but it's worth pointing out that focal and jammy use
> a fwupd so old that it no longer receives updates from lvfs and is
> rendered unusable; users are already actively missing out on published
> security updates for certified devices.
This has been actively complained about already as well.
https://bugs.launchpad.net/ubuntu/focal/+source/fwupd/+bug/2028548
https://bugs.launchpad.net/ubuntu/jammy/+source/fwupd/+bug/2116176
https://bugs.launchpad.net/ubuntu/jammy/+source/fwupd/+bug/1979963