[Bug 2064319] [NEW] Power guest secure boot with key management: GRUB2 portion
Launchpad Bug Tracker
2064319 at bugs.launchpad.net
Tue Apr 30 17:49:23 UTC 2024
You have been subscribed to a public bug:
Covering the GRUB2 portion:
Feature:
This feature comprises PowerVM LPAR guest OS kernel verification using
static keys to extend the chain of trust from partition firmware to the
OS kernel. GRUB and the host OS kernel are signed with 2 separate
public key pairs. Partition firmware includes the public
verification key for GRUB in its build and uses it to verify GRUB. GRUB
includes the public verification key for the OS kernel in its build and
uses it to verify the OS kernel image.
Test case:
If secure boot is switched off, any GRUB and kernel boots.
If secure boot is switched on:
- Properly signed GRUB boots.
- Improperly signed GRUB does not boot.
- Tampered signed GRUB does not boot.
- Properly signed kernels boot.
- Improperly signed kernels do not boot.
- Tampered signed kernels do not boot.
TPM PCRs are extended roughly following the TCG PC Client and UEFI specs as they apply to POWER.
** Affects: grub2 (Ubuntu)
Importance: Undecided
Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
Status: New
** Tags: architecture-ppc64le bugnameltc-205841 severity-critical targetmilestone-inin2404
--
Power guest secure boot with key management: GRUB2 portion
https://bugs.launchpad.net/bugs/2064319
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to grub2 in Ubuntu.