Kernel integrity check on boot

Tom H tomh0665 at gmail.com
Sat Apr 23 18:23:46 UTC 2016


On Sat, Apr 23, 2016 at 6:13 AM, Ashish Kansara
<ashishnkansara at gmail.com> wrote:
>
> I was looking at doing a clean install of 16.04, this time with block device
> encryption using dm_crypt and LUKS, and was wondering if Ubuntu does any
> kernel integrity check on boot.
>
> From what I understand, secureboot will only perform an integrity check on
> the bootloader; the bootloader itself does not check the kernel hash. This
> seems sort of counter-intuitive since /boot is not encrypted. Of course,
> this is solved if a kernel integrity check is performed on boot.

For secure boot:
shim-signed
grub-efi-amd64-signed
linux-signed-image



