[Bug 1786491] Re: grub2 verify signed kernel exists or abort upgrade
Launchpad Bug Tracker
1786491 at bugs.launchpad.net
Thu Aug 23 08:10:17 UTC 2018
This bug was fixed in the package grub2 - 2.02-2ubuntu8.3
---------------
grub2 (2.02-2ubuntu8.3) bionic; urgency=medium
* Verify that the current and newer kernels are signed when grub is updated, to
make sure people do not accidentally shutdown without a signed kernel.
(LP: #1786491)
-- Julian Andres Klode <juliank at ubuntu.com> Fri, 13 Jul 2018 15:21:48
+0200
** Changed in: grub2 (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1786491
Title:
grub2 verify signed kernel exists or abort upgrade
Status in grub2 package in Ubuntu:
Fix Released
Status in grub2-signed package in Ubuntu:
Fix Released
Status in grub2 source package in Bionic:
Fix Released
Status in grub2-signed source package in Bionic:
Fix Released
Status in grub2 source package in Cosmic:
Fix Released
Status in grub2-signed source package in Cosmic:
Fix Released
Bug description:
[Impact]
grub2 should fail to install if no signed kernels exist
[Test case]
On a secure boot system:
* Install grub-efi-amd64{,signed} and signed kernel => installs
* Install grub-efi-amd64{,signed} and only unsigned kernel => prevents
On a non-secure-boot system:
* Install grub-efi-amd64{,signed} and only unsigned kernel => installs
[Regression potential]
Upgrades can break.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1786491/+subscriptions
More information about the foundations-bugs
mailing list