[Merge] ~juliank/grub/+git/ubuntu:juliank/check-signed-kernels into ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu
Julian Andres Klode
julian.klode at canonical.com
Fri Jun 22 16:06:49 UTC 2018
It now looks at all kernels in /boot, rather then finding via grub.cfg (so we can run before update-grub), checks the policy in the postinst, and only if we are on secure boot.
I have not found any solution to check if it's signed with the right key, though. What I figured out is that sbverify needs a certificate, and mokutil can give me a list of keys.
--
https://code.launchpad.net/~juliank/grub/+git/ubuntu/+merge/345403
Your team Ubuntu Core Development Team is subscribed to branch ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu.
More information about the Ubuntu-reviews
mailing list