Kernel integrity check on boot
Ashish Kansara
ashishnkansara at gmail.com
Thu Apr 28 22:23:07 UTC 2016
Sorry, didn't see this reply in the sea of unread emails! Thanks, I'll look
into those this weekend.
On Sat, Apr 23, 2016 at 12:23 PM, Tom H <tomh0665 at gmail.com> wrote:
> On Sat, Apr 23, 2016 at 6:13 AM, Ashish Kansara
> <ashishnkansara at gmail.com> wrote:
> >
> > I was looking at doing a clean install of 16.04, this time with block
> device
> > encryption using dm_crypt and LUKS, and was wondering if Ubuntu does any
> > kernel integrity check on boot.
> >
> > From what I understand, secureboot will only perform an integrity check
> on
> > the bootloader; the bootloader itself does not check the kernel hash.
> This
> > seems sort of counter-intuitive since /boot is not encrypted. Of course,
> > this is solved if a kernel integrity check is performed on boot.
>
> For secure boot:
> shim-signed
> grub-efi-amd64-signed
> linux-signed-image
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20160428/2a8361aa/attachment.html>
More information about the ubuntu-users
mailing list