[Bug 1234649] Re: UEFI shim verification against microsoft-uefica-public.pem fails with 20131003 saucy images
Steve Langasek
steve.langasek at canonical.com
Thu Oct 3 18:19:00 UTC 2013
I believe this is a bug in sbsigntool, not in the shim data. The expired
signature is not in the path to the CA, my understanding is that this is
present only as part of the timestamping service.
** Package changed: shim-signed (Ubuntu) => sbsigntool (Ubuntu)
** Changed in: sbsigntool (Ubuntu)
Assignee: (unassigned) => Steve Langasek (vorlon)
** Changed in: sbsigntool (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sbsigntool in Ubuntu.
https://bugs.launchpad.net/bugs/1234649
Title:
UEFI shim verification against microsoft-uefica-public.pem fails with
20131003 saucy images
Status in “sbsigntool” package in Ubuntu:
New
Bug description:
UEFI shim verification fails (PKCS7 verification failed) with the images of 20131003 against the microsoft-uefica-public. keys present in
http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/files/head:/notes_testing/secure-boot/keys/
The following is the failure results (http://bazaar.launchpad.net/~utah/utah/dev/view/head:/utah/isotest/iso_static_validation.py)
DEBUG: Using iso at: /tmp/utah-saucy-server-amd64.iso
INFO: Preparing image: /tmp/utah-saucy-server-amd64.iso
INFO: /tmp/utah-saucy-server-amd64.iso is locally available as /tmp/utah-saucy-server-amd64.iso
INFO: Getting image type of /tmp/utah-saucy-server-amd64.iso
DEBUG: bsdtar list command: bsdtar -t -f /tmp/utah-saucy-server-amd64.iso
INFO: Image type is: server
DEBUG: Using normal image
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-server-amd64.iso ./.disk/info
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-server-amd64.iso -O .disk/info
INFO: Arch is: amd64
INFO: Series is saucy
DEBUG: Standard name for this iso is: saucy-server-amd64.iso
DEBUG: Generating verification certificates
DEBUG: Extracting UEFI boot and kernel images
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-server-amd64.iso ./EFI/BOOT/BOOTx64.EFI
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-server-amd64.iso -O EFI/BOOT/BOOTx64.EFI
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-server-amd64.iso ./EFI/BOOT/grubx64.efi
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-server-amd64.iso -O EFI/BOOT/grubx64.efi
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-server-amd64.iso ./install/vmlinuz
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-server-amd64.iso -O install/vmlinuz
DEBUG: Verifying UEFI shim
ERROR: test_efi_secure_boot_signatures (__main__.TestValidateISO)
ERROR: Traceback (most recent call last):
File "/usr/lib/python2.7/unittest/case.py", line 327, in run
testMethod()
File "/usr/share/utah/isotest/iso_static_validation.py", line 481, in test_efi_secure_boot_signatures
self.assertEqual(stdout, 'Signature verification OK\n')
File "/usr/lib/python2.7/unittest/case.py", line 511, in assertEqual
assertion_func(first, second, msg=msg)
File "/usr/lib/python2.7/unittest/case.py", line 504, in _baseAssertEqual
raise self.failureException(msg)
AssertionError: 'PKCS7 verification failed\nSignature verification failed\n' != 'Signature verification OK\n'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1234649/+subscriptions
More information about the foundations-bugs
mailing list