[Bug 1810842] [NEW] Allows booting unsigned kernel when not using shim
dann frazier
dann.frazier at canonical.com
Mon Jan 7 19:17:04 UTC 2019
Public bug reported:
A Secure Boot system that has Canonical's key in the db can boot can
boot our signed GRUB directly (i.e., w/o chaining through shim). In this
configuration, GRUB will permit booting unsigned kernels. Reported by
Ard Biesheuvel of Linaro.
** Affects: grub2-signed (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1810842
Title:
Allows booting unsigned kernel when not using shim
Status in grub2-signed package in Ubuntu:
New
Bug description:
A Secure Boot system that has Canonical's key in the db can boot can
boot our signed GRUB directly (i.e., w/o chaining through shim). In
this configuration, GRUB will permit booting unsigned kernels.
Reported by Ard Biesheuvel of Linaro.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1810842/+subscriptions
More information about the foundations-bugs
mailing list