[Bug 1964943] Re: Do not validate kernels twice
Launchpad Bug Tracker
1964943 at bugs.launchpad.net
Tue Mar 29 17:29:26 UTC 2022
This bug was fixed in the package grub2 - 2.06-2ubuntu6
---------------
grub2 (2.06-2ubuntu6) jammy; urgency=medium
[ Heinrich Schuchardt ]
* efivar: check that efivarfs is writeable (LP: #1965288)
[ Dimitri John Ledkov ]
* Do not validate kernels twice. (LP: #1964943)
[ Heinrich Schuchardt ]
* efi: EFI Device Tree Fixup Protocol (LP: #1965796)
* fdt: add debug output to devicetree command
-- Julian Andres Klode <juliank at ubuntu.com> Fri, 25 Mar 2022 16:03:11
+0100
** Changed in: grub2 (Ubuntu Jammy)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1964943
Title:
Do not validate kernels twice
Status in grub2 package in Ubuntu:
Fix Released
Status in grub2 source package in Jammy:
Fix Released
Bug description:
[Impact]
* 2.06 grub + linuxefi patches submit kernel.efi for validation
twice. Once via shim-lock protocol, and again directly.
* this results in duplicate measurements for vmlinuz on classic and
kernel.efi on core and breaks measured & attested boot.
[Test Plan]
* Boot classic & core systems with this grub and decode pcr
measurements using https://github.com/canonical/tcglog-parser which
should only show a single measurement for the kernels.
[Where problems could occur]
* People relying on measured/attested boot using pre-release jammy
grub will experience a change of measurements, which is now becomming
stable relative to focal once again.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1964943/+subscriptions
More information about the foundations-bugs
mailing list