[Bug 2069232] Re: Missing measurements on confidential computing platforms (Intel TDX)

Launchpad Bug Tracker 2069232 at bugs.launchpad.net
Mon Jul 1 11:51:01 UTC 2024 

This bug was fixed in the package grub2-unsigned - 2.12-1ubuntu9

---------------
grub2-unsigned (2.12-1ubuntu9) oracular; urgency=medium

  * Cherry-pick upstream efi mm patches to avoid crashing at exit on Mu
  * peimage: Improve section consistency checks, use grub_dprintf for errors
  * peimage: Make sure partially loaded images are unloaded on error
  * Implement support for UEFI NX mitigation
  * Cherry-pick missing TDX measurements fix (LP: #2069232)
  * grub-common.service: Add After/Requires=boot-complete.target (LP: #1992643)
  * d/postinst.in: Remove upgrade check for GRUB version we can no longer upgrade from
  * Cherry-pick fdtdump patch
  * Source package generated from src:grub2 using make -f ./debian/rules
    generate-grub2-unsigned

 -- Mate Kukri <mate.kukri at canonical.com>  Wed, 19 Jun 2024 11:47:16
+0100

** Changed in: grub2-unsigned (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2069232

Title:
  Missing measurements on confidential computing platforms (Intel TDX)

Status in grub:
  Unknown
Status in The Kobuk project:
  Confirmed
Status in grub2-signed package in Ubuntu:
  New
Status in grub2-unsigned package in Ubuntu:
  Fix Released

Bug description:
  When we run a Confidential VM with grub bootlodaer on Intel TDX
  platform, the module tpm is not loaded and boot measurements are not
  done for the guest VM.

  This bug will prevent grub of doing measurements on confidential computing platform
  (the bug has been confirmed on Intel TDX). This lack of measurements will break the
  remote attestation

  See upstream bug : https://savannah.gnu.org/bugs/?65821

  Upstream fix :
  https://git.savannah.gnu.org/cgit/grub.git/commit/?id=86df79275d065d87f4de5c97e456973e8b4a649c

To manage notifications about this bug go to:
https://bugs.launchpad.net/grub/+bug/2069232/+subscriptions

More information about the foundations-bugs mailing list