[Bug 1929454] Re: Bios measurements do not contain measurements for the kernel binary and kernel signer cert.
Steve Langasek
1929454 at bugs.launchpad.net
Tue May 25 01:24:53 UTC 2021
On Mon, May 24, 2021 at 11:30:09PM -0000, VINAY RAJESH wrote:
> What about the scenario where the signers are different for kernel and
> grub? For example, if the kernel is signed using a self signed cert and
> loaded using MOK.
> I am trying to do that right now but the kernel fails to load when
> signed with a MOK key.
In that case, yes, the key in mok used for signing the kernel is supposed to
be measured in addition to the key used for signing grub. But it sounds
like you're not getting to that point yet, if your kernel fails to load.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1929454
Title:
Bios measurements do not contain measurements for the kernel binary
and kernel signer cert.
Status in shim-signed package in Ubuntu:
New
Bug description:
On Ubuntu 20.04, the binary_bios_measurements do NOT contain the
measurements for the kernel binary and the kernel signer cert that is
typically measured by the shim.
This is behavior is NOT consistent with Ubuntu 18.04 where the
measurements are present.
Attaching the measurements from Ubuntu 20.04 for reference.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1929454/+subscriptions
More information about the foundations-bugs
mailing list