[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines

Ubfan 1170150 at bugs.launchpad.net
Thu Apr 18 17:12:25 UTC 2013 

Ubuntu 12.10, updated several times, getting kernels ...17, ...26, and ...27.  The symlinks in / were examined with "ls -l" and  the output  indicated that the link was to the /boot/vmlinuz....-generic file, NOT the /boot/vmlinuz...-generic.efi.signed file.
Applying the sbattach command to the /vmlinuz (and to the actual /boot/vmlinuz-3.5.0-27-generic file) produced a zero length output with the warnings:
warning: file-aligned section of .text extends beyond  end of the file
warning: checksum areas are greater than image size. invalid section table?

Applying the sbattach command to the /boot/vmlinuz...-generic.efi.signed file produced no errors, and output of length 1911.
I conclude that the kernels in /boot ending in ".efi.signed" are the signed versions, and the ones ending in ".generic" are not -- with the symlinks in "/" pointing to the unsigned versions.

The file /etc/kernel-img.conf contains symlinks=yes, and bootloader=no

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1170150

Title:
  vmlinuz/initrd.img symlinks do not point to signed versions on kernel
  updates of secure boot UEFI machines

Status in “grub2” package in Ubuntu:
  Incomplete

Bug description:
  Kernel updates on a UEFI pc with secure boot enabled have the vmlinuz
  and initrd.img symlinks updated, but they point to the unsigned
  versions of the kernel instead of the signed ones.  The pc was set up
  with secure boot on, has never been booted with secure boot off, and
  no runtime problems have been noted from the wrong symlinks.  Having
  the links to the signed versions is highly desirable, in order to set
  up a USB stick with its own EFI directory to boot Ubuntu, and not have
  to worry about changing the USB stick's grub.cfg files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1170150/+subscriptions

More information about the foundations-bugs mailing list