[Bug 2064319] Comment bridged from LTC Bugzilla
bugproxy
2064319 at bugs.launchpad.net
Fri Apr 11 11:40:31 UTC 2025
------- Comment From nasastry at in.ibm.com 2025-04-11 07:36 EDT-------
(In reply to comment #10)
> Hello,
>
> Code
> https://code.launchpad.net/~ubuntu-uefi-team/grub/+git/ubuntu/+ref/power-sb
> My PPC test PPA (the power-sb ppa is out of date):
> https://launchpad.net/~mkukri/+archive/ubuntu/dev-ppc64el
> Signing key for the PPA above:
> https://ppa.launchpadcontent.net/mkukri/dev-ppc64el/ubuntu/dists/plucky/main/
> signed/grub2-ppc64el/current/control/opal.x509
Trying to add the above repository by that I can install the signed
grub. But repository setting is failing with the following error.
root at ltcden13-lp2:/home/test# add-apt-repository https://code.launchpad.net/~ubuntu-uefi-team/grub/+git/ubuntu
Repository: 'deb https://code.launchpad.net/~ubuntu-uefi-team/grub/+git/ubuntu plucky main'
Description:
Archive for codename: plucky components: main
More info: https://code.launchpad.net/~ubuntu-uefi-team/grub/+git/ubuntu
Adding repository.
Press [ENTER] to continue or Ctrl-c to cancel.
Found existing deb entry in /etc/apt/sources.list.d/archive_uri-https_code_launchpad_net_ubuntu-uefi-team_grub_git_ubuntu-plucky.list
Adding deb entry to /etc/apt/sources.list.d/archive_uri-https_code_launchpad_net_ubuntu-uefi-team_grub_git_ubuntu-plucky.list
Found existing deb-src entry in /etc/apt/sources.list.d/archive_uri-https_code_launchpad_net_ubuntu-uefi-team_grub_git_ubuntu-plucky.list
Adding disabled deb-src entry to /etc/apt/sources.list.d/archive_uri-https_code_launchpad_net_ubuntu-uefi-team_grub_git_ubuntu-plucky.list
Hit:1 http://ports.ubuntu.com/ubuntu-ports plucky InRelease
Hit:2 http://ports.ubuntu.com/ubuntu-ports plucky-updates InRelease
Hit:3 http://ports.ubuntu.com/ubuntu-ports plucky-backports InRelease
Hit:4 http://ports.ubuntu.com/ubuntu-ports plucky-security InRelease
Ign:5 https://code.launchpad.net/~ubuntu-uefi-team/grub/+git/ubuntu plucky InRelease
Err:6 https://code.launchpad.net/~ubuntu-uefi-team/grub/+git/ubuntu plucky Release
404 Not Found [IP: 185.125.189.222 443]
Reading package lists... Done
E: The repository 'https://code.launchpad.net/~ubuntu-uefi-team/grub/+git/ubuntu plucky Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
N: Some sources can be modernized. Run 'apt modernize-sources' to do so.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2064319
Title:
Power guest secure boot with key management: GRUB2 portion
Status in The Ubuntu-power-systems project:
New
Status in grub2 package in Ubuntu:
New
Bug description:
Covering the GRUB2 portion:
Feature:
This feature comprises PowerVM LPAR guest OS kernel verification using
static keys to extend the chain of trust from partition firmware to
the OS kernel. GRUB and the host OS kernel are signed with 2 separate
public key pairs. Partition firmware includes the the public
verification key for GRUB in its build and uses it to verify GRUB.
GRUB includes the public verification key for the OS kernel in its
build and uses it to verify the OS kernel image
Test case:
If secure boot is switched off, any GRUB and kernel boots.
If secure boot is switched on:
- Properly signed GRUB boots.
- Improperly signed GRUB does not boot.
- Tampered signed GRUB does not boot.
- Properly signed kernels boot.
- Improperly signed kernels do not boot.
- Tampered signed kernels do not boot.
TPM PCRs are extended roughly following the TCG PC Client and UEFI specs as they apply to POWER.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/2064319/+subscriptions
More information about the foundations-bugs
mailing list