[Bug 1789918] Re: grub2 signed kernel enforcement doesn't check on upgrade that signatures are from trusted keys
Mathieu Trudel-Lapierre
mathieu.tl at gmail.com
Mon Jan 21 14:36:24 UTC 2019
Adding block-proposed for one last test run in -proposed.
** Tags added: block-proposed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
Matching subscriptions: mokutil-bugs
https://bugs.launchpad.net/bugs/1789918
Title:
grub2 signed kernel enforcement doesn't check on upgrade that
signatures are from trusted keys
Status in grub2 package in Ubuntu:
In Progress
Status in mokutil package in Ubuntu:
Fix Released
Bug description:
This is on a cosmic system. I wanted to test the 4.18 kernel in the kernel teams unstable ppa. I enabled that ppa, then ran "sudo apt-get update; sudo apt-get dist-upgrade" and then rebooted. Upon boot grub started reporting that none of the kernels I have installed have valid signatures. These were working just fine before this update. The only remedy was to disable secure boot in my bios.
---
ProblemType: Bug
ApportVersion: 2.20.10-0ubuntu9
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
DistroRelease: Ubuntu 18.10
EcryptfsInUse: Yes
InstallationDate: Installed on 2017-08-14 (380 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Alpha amd64 (20170812)
Package: grub2 (not installed)
ProcEnviron:
TERM=tmux-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 4.18.0-7.8-generic 4.18.5
Tags: wayland-session cosmic
Uname: Linux 4.18.0-7-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip kvm libvirt lpadmin plugdev sambashare sudo
_MarkForUpload: True
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1789918/+subscriptions
More information about the foundations-bugs
mailing list