[Bug 1860531] Re: IPL on z15 always performed regardless of the secure-boot related settings

Dimitri John Ledkov launchpad at surgut.co.uk
Wed Feb 5 16:59:06 UTC 2020 

In above logs zipl.conf is shown to be like this:

root at t35lp36:~# cat /etc/zipl.conf
[defaultboot]
defaultmenu = menu
secure=1

:menu
target = /boot
1 = ubuntu
2 = old
default = 1
prompt = 1
timeout = 10

However, for me, setting secure like that has never worked.

Instead i had to set secure=1 on the ':menu' portion of the zipl.conf
file, i.e.

root at t35lp36:~# cat /etc/zipl.conf
[defaultboot]
defaultmenu = menu

:menu
target = /boot
1 = ubuntu
2 = old
default = 1
prompt = 1
timeout = 10
secure=1

Can it be that this is leading to incorrect testing?

Also I wanted to make sure you have the right kernel installed.

Can you please doublecheck output for all of the below commands is the
same for you?

$ dpkg-query -W linux-image-5.4.0-12-generic
linux-image-5.4.0-12-generic	5.4.0-12.15

$ sudo md5sum /boot/vmlinuz /boot/vmlinuz-5.4.0-12-generic 
6e2c2d81d3fa1d50bd3b30f12085554b  /boot/vmlinuz
6e2c2d81d3fa1d50bd3b30f12085554b  /boot/vmlinuz-5.4.0-12-generic

$ grep vmlinuz /var/lib/dpkg/info/linux-image-5.4.0-12-generic.md5sums 
6e2c2d81d3fa1d50bd3b30f12085554b  boot/vmlinuz-5.4.0-12-generic

To double check that signature is present on /boot/vmlinuz you can use
the extract-module-sig.pl from the linux source tree scripts directly
and then run something like this:

$ sudo perl linux/scripts/extract-module-sig.pl -d /boot/vmlinuz
Read 8163896 bytes from module file
Found magic number at 8163896
Found PKCS#7/CMS encapsulation
Found 528 bytes of signature [3082020c06092a864886f70d010702a0]
0 0 2 0 0 528

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1860531

Title:
  IPL on z15 always performed regardless of the secure-boot related
  settings

Status in Ubuntu on IBM z Systems:
  In Progress
Status in s390-tools package in Ubuntu:
  Fix Released
Status in s390-tools source package in Eoan:
  New
Status in s390-tools source package in Focal:
  Fix Released

Bug description:
  Description will follow

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1860531/+subscriptions

More information about the foundations-bugs mailing list