Kernel integrity check on boot

Ashish Kansara ashishnkansara at
Sat Apr 23 04:13:53 UTC 2016

Hello everyone,

I was looking at doing a clean install of 16.04, this time with block
device encryption using dm_crypt and LUKS, and was wondering if Ubuntu does
any kernel integrity check on boot.

>From what I understand, secureboot will only perform an integrity check on
the bootloader; the bootloader itself does not check the kernel hash. This
seems sort of counter-intuitive since /boot is not encrypted. Of course,
this is solved if a kernel integrity check is performed on boot.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ubuntu-users mailing list