[Bug 2083770] Re: EFI cannot boot FIPS kernel
Steve Langasek
2083770 at bugs.launchpad.net
Sun Oct 6 17:35:07 UTC 2024
FIPS kernels because they must go through a lengthy certification
process frequently lag behind the non FIPS kernels with respect to
SecureBoot revocations. You are evidently trying to pair a newer shim
with aFIPS kernel which is no longer trusted by that shim. This is not
an ubuntu-image issue.
** Changed in: ubuntu-image
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to Ubuntu Image.
https://bugs.launchpad.net/bugs/2083770
Title:
EFI cannot boot FIPS kernel
Status in Ubuntu Image:
Invalid
Bug description:
During the manual customization phase I attach the machine to a pro
subscription and enable/install the FIPS kernel. Once the image is
built, I have 2 kernels available in the boot list, the original
kernel and the FIPS kernel. When I use a VMWare U8.x VM with EFI,
booting the FIPS kernel fails but the original boots. When I switch to
BIOS (VMWare U7.2), it boots the FIPS kernel without issue.
The error is a digest validation failure which appears to be related
to the EFI shim.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-image/+bug/2083770/+subscriptions
More information about the foundations-bugs
mailing list