Is shim a redundant package that is never used, compared to shim-signed?

apt package-management grub2 uefi 20.04

I did sudo apt-get autoremove --purge to free up some space, however it also removed the latest shim package that got updated just today.

shim (15.4-0ubuntu7)

also updated today was

shim-signed (15.4-0ubuntu7)

but shim-signed was NOT removed.

If autoremove removes older versions no longer required, however I believe shim is an essential element for secure boot process, or is it not? Please help me understand why it got removed.

Ubuntu 20.04 LTS


Solution 1:

It appears that the files in shim have been moved to shim-signed and that probably makes shim no longer necessary.

The file list from the original shim version shipped with focal (15+1533136590.3beb971-0ubuntu1)

/usr/lib/shim/BOOTX64.CSV
/usr/lib/shim/fbx64.efi
/usr/lib/shim/mmx64.efi
/usr/lib/shim/shimx64.efi
/usr/share/doc/shim/changelog.Debian.gz
/usr/share/doc/shim/copyright

The file list from the current shim version in focal-updates (15.4-0ubuntu7)

/usr/share/doc/shim/buildinfo_amd64.gz
/usr/share/doc/shim/changelog.Debian.gz
/usr/share/doc/shim/copyright

The file list from the original shim-signed version shipped with focal (1.40.3+15+1533136590.3beb971-0ubuntu1)

/usr/lib/shim/mok/openssl.cnf
/usr/lib/shim/shimx64.efi.signed
/usr/sbin/update-secureboot-policy
/usr/share/apport/package-hooks/source_shim-signed.py
/usr/share/apport/package-hooks/source_shim.py
/usr/share/doc/shim-signed/changelog.Debian.gz
/usr/share/doc/shim-signed/copyright
/usr/share/lintian/overrides/shim-signed

The file list from the current shim-signed version in focal-updates (1.40.6+15.4-0ubuntu7)

/usr/lib/shim/BOOTX64.CSV
/usr/lib/shim/fbx64.efi
/usr/lib/shim/mmx64.efi
/usr/lib/shim/mok/openssl.cnf
/usr/lib/shim/shimx64.efi
/usr/lib/shim/shimx64.efi.dualsigned
/usr/lib/shim/shimx64.efi.signed
/usr/sbin/update-secureboot-policy
/usr/share/apport/package-hooks/source_shim-signed.py
/usr/share/apport/package-hooks/source_shim.py
/usr/share/doc/shim-signed/changelog.Debian.gz
/usr/share/doc/shim-signed/copyright
/usr/share/lintian/overrides/shim-signed

It appears these files are now part of shim-signed and that shim no longer provides anything critical

/usr/lib/shim/BOOTX64.CSV
/usr/lib/shim/fbx64.efi
/usr/lib/shim/mmx64.efi
/usr/lib/shim/shimx64.efi

The reason for the change appears to be the new upstream 15.4 release and is tracked in Launchpad. In particular, the changelog notes

    - Update packaging to pull fb and mm from shim-signed package as in
      later releases, dropping the runtime dependency on shim.

Related

WiFi driver issues in ASUS ROG G15 (2021)
Ubuntu 21.04 using huge amounts of RAM just after sign-in
Installing FreeDOS onto a USB stick using unetbootin fails
Removing the Top bar in Ubuntu Desktop
What should I do about the ''HDD dying'' messages on my laptop?
Is there a specific control panel for intel HD graphics in Ububtu [duplicate]
HPLIP cannot install on Ubuntu 21.04
How to change desktop icon text background color in yaru-unity theme? [duplicate]
What game is featured in the Razer Ornata Chroma Ad
Does the amount of Crimson Hearts destroyed reset when quitting the game?
Whats the value for EDI and Jokers romance?
How do I stop Preston Garvey from being hostile to me?