Is shim a redundant package that is never used, compared to shim-signed?
I did sudo apt-get autoremove --purge to free up some space; however, it also removed the latest shim package that got updated just today.
shim (15.4-0ubuntu7)
also updated today was
shim-signed (15.4-0ubuntu7)
but shim-signed was NOT removed.
If autoremove removes older versions no longer required, however I believe shim is an essential element for the secure boot process, or is it not? Please help me understand why it got removed.
Ubuntu 20.04 LTS
Solution 1:
It appears that the files in shim have been moved to shim-signed and that probably makes shim no longer necessary.
The file list from the original shim version shipped with focal (15+1533136590.3beb971-0ubuntu1):
/usr/lib/shim/BOOTX64.CSV
/usr/lib/shim/fbx64.efi
/usr/lib/shim/mmx64.efi
/usr/lib/shim/shimx64.efi
/usr/share/doc/shim/changelog.Debian.gz
/usr/share/doc/shim/copyright
The file list from the current shim version in focal-updates (15.4-0ubuntu7):
/usr/share/doc/shim/buildinfo_amd64.gz
/usr/share/doc/shim/changelog.Debian.gz
/usr/share/doc/shim/copyright
The file list from the original shim-signed version shipped with focal (1.40.3+15+1533136590.3beb971-0ubuntu1):
/usr/lib/shim/mok/openssl.cnf
/usr/lib/shim/shimx64.efi.signed
/usr/sbin/update-secureboot-policy
/usr/share/apport/package-hooks/source_shim-signed.py
/usr/share/apport/package-hooks/source_shim.py
/usr/share/doc/shim-signed/changelog.Debian.gz
/usr/share/doc/shim-signed/copyright
/usr/share/lintian/overrides/shim-signed
The file list from the current shim-signed version in focal-updates (1.40.6+15.4-0ubuntu7):
/usr/lib/shim/BOOTX64.CSV
/usr/lib/shim/fbx64.efi
/usr/lib/shim/mmx64.efi
/usr/lib/shim/mok/openssl.cnf
/usr/lib/shim/shimx64.efi
/usr/lib/shim/shimx64.efi.dualsigned
/usr/lib/shim/shimx64.efi.signed
/usr/sbin/update-secureboot-policy
/usr/share/apport/package-hooks/source_shim-signed.py
/usr/share/apport/package-hooks/source_shim.py
/usr/share/doc/shim-signed/changelog.Debian.gz
/usr/share/doc/shim-signed/copyright
/usr/share/lintian/overrides/shim-signed
It appears these files are now part of shim-signed and that shim no longer provides anything critical:
/usr/lib/shim/BOOTX64.CSV
/usr/lib/shim/fbx64.efi
/usr/lib/shim/mmx64.efi
/usr/lib/shim/shimx64.efi
The reason for the change appears to be the new upstream 15.4 release and is tracked in Launchpad. In particular, the changelog notes
- Update packaging to pull fb and mm from shim-signed package as in
later releases, dropping the runtime dependency on shim.
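
The comparison made in the answer above can be scripted. This is an added example, not part of the original answer or of the Ubuntu packaging: it takes the file lists quoted above as constructed input and reports any non-documentation file that the old shim package shipped and that no current package ships. The function name uncovered_files is hypothetical.

```shell
#!/bin/sh
# Constructed input: the file lists quoted in the answer above.
OLD_SHIM='/usr/lib/shim/BOOTX64.CSV
/usr/lib/shim/fbx64.efi
/usr/lib/shim/mmx64.efi
/usr/lib/shim/shimx64.efi
/usr/share/doc/shim/changelog.Debian.gz
/usr/share/doc/shim/copyright'
NEW_SHIM='/usr/share/doc/shim/buildinfo_amd64.gz
/usr/share/doc/shim/changelog.Debian.gz
/usr/share/doc/shim/copyright'
NEW_SHIM_SIGNED='/usr/lib/shim/BOOTX64.CSV
/usr/lib/shim/fbx64.efi
/usr/lib/shim/mmx64.efi
/usr/lib/shim/mok/openssl.cnf
/usr/lib/shim/shimx64.efi
/usr/lib/shim/shimx64.efi.dualsigned
/usr/lib/shim/shimx64.efi.signed
/usr/sbin/update-secureboot-policy
/usr/share/apport/package-hooks/source_shim-signed.py
/usr/share/apport/package-hooks/source_shim.py
/usr/share/doc/shim-signed/changelog.Debian.gz
/usr/share/doc/shim-signed/copyright
/usr/share/lintian/overrides/shim-signed'

# uncovered_files OLD_LIST NEW_LIST...
# Prints each path from OLD_LIST (ignoring /usr/share/doc/) that none of the
# NEW_LISTs contains. On a live system a NEW_LIST can be "$(dpkg -L shim-signed)".
uncovered_files() {
    old=$1; shift
    have=$(mktemp); want=$(mktemp)
    printf '%s\n' "$@" | sed -e '/^$/d' | LC_ALL=C sort -u > "$have"
    printf '%s\n' "$old" | sed -e '/^$/d' -e '\|^/usr/share/doc/|d' | LC_ALL=C sort -u > "$want"
    LC_ALL=C comm -23 "$want" "$have"   # lines only in the old package's list
    rm -f "$have" "$want"
}

# Check the lists from the answer: nothing printed as missing means the move is complete.
missing=$(uncovered_files "$OLD_SHIM" "$NEW_SHIM" "$NEW_SHIM_SIGNED")
if [ -z "$missing" ]; then
    echo "every file from the old shim package is shipped by a current package"
else
    printf 'no longer shipped by any listed package:\n%s\n' "$missing"
fi
```
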