[Bug 1964943] Re: Do not validate kernels twice
Launchpad Bug Tracker
1964943 at bugs.launchpad.net
Tue Mar 15 13:10:18 UTC 2022
** Merge proposal linked:
https://code.launchpad.net/~xnox/grub/+git/grub/+merge/416890
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1964943
Title:
Do not validate kernels twice
Status in grub2 package in Ubuntu:
New
Status in grub2 source package in Jammy:
New
Bug description:
[Impact]
* 2.06 grub + linuxefi patches submit kernel.efi for validation
twice. Once via shim-lock protocol, and again directly.
* this results in duplicate measurements for vmlinuz on classic and
kernel.efi on core and breaks measured & attested boot.
[Test Plan]
* Boot classic & core systems with this grub and decode pcr
measurements using https://github.com/canonical/tcglog-parser which
should only show a single measurement for the kernels.
[Where problems could occur]
* People relying on measured/attested boot using pre-release jammy
grub will experience a change of measurements, which is now becomming
stable relative to focal once again.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1964943/+subscriptions
More information about the foundations-bugs
mailing list