Kernel Unsigned Landing PPA
Seth Forshee
seth.forshee at canonical.com
Wed Jun 27 14:00:16 UTC 2018
On Mon, Jun 25, 2018 at 01:44:56AM -0300, José Humberto wrote:
> Hello
>
> My name is Jose and I want to know why all kernels since 4.14.35 are
> unsigned.
Based on the version I take it you are referring to the mainline builds
at http://kernel.ubuntu.com/~kernel-ppa/mainline/ ?
> That can be a problem about security?
> Because we haven't a signed kernel at PPA since 2 months ago and I'm worried
> about the problems that this can be for who uses the kernel from the
> official PPA. Problems like modules unsigned or something on UEFI.
I'm not sure what you mean by "official" here. Yes, they are produced by
the Ubuntu kernel team, but only for testing purposes. They are not
supported, and we do not recommend them for everyday use.
To my knowledge those kernels have never been signed. The modules should
be signed with an ephemral key generated at build time, but that key
would not have a chain of trust for UEFI secure boot, and the kernel
images would not have been signed with that key regardless.
Maybe I'm misunderstanding your question. If so, please clarify.
Seth
More information about the kernel-team
mailing list