Unsigned kernel boot

Andy Whitcroft apw at canonical.com
Mon Nov 11 13:35:02 UTC 2013

On Mon, Nov 11, 2013 at 03:05:53PM +0200, Dmitry Kasatkin wrote:
> Hello,
> Shim in my 13.04 was just upgraded and I see that Ubuntu now boots
> unsigned kernel in secure boot enabled system.
> Why is that?
> In secure boot it should not be possible to boot unsigned kernel...

That is not the guarentee that shim makes at all.  It says it will not
start an unsigned kernel with boot-services still available, ie if the
kernel is not signed it will close up access to the EFI settings before
handoff to anything unsigned.


More information about the kernel-team mailing list