[Bug 2064345] Re: [needs-packaging] secvarctl - Power guest secure boot with key management: userspace portion

[Patricia Domingues]

** Summary changed:

- Power guest secure boot with key management: userspace portion
+ [needs-packaging] secvarctl - Power guest secure boot with key management: userspace portion

** Description changed:

+ secvarctl
+ URL: https://github.com/open-power/secvarctl/releases/tag/v1.1.0
+ 
+ License: Apache
+ 
  Covering the userspace portion (secvarctl)
  
  Feature:
  
  This feature comprises PowerVM LPAR guest OS kernel verification to
  extend the chain of trust from partition firmware to the OS kernel and
  includes key management.  GRUB and the host OS kernel are signed with 2
  separate public key pairs.  Partition firmware includes the the public
  verification key for GRUB in its build and uses it to verify GRUB.  GRUB
  includes the public verification key for the OS kernel in its build and
  uses it to verify the OS kernel image
  
  Test case:
  
  If secure boot is switched off, any GRUB and kernel boots.
  If secure boot is switched on:
-   - Properly signed GRUB boots.
-   - Improperly signed GRUB does not boot.
-   - Tampered signed GRUB does not boot.
-   - Properly signed kernels boot.
-   - Improperly signed kernels do not boot.
-   - Tampered signed kernels do not boot.
+   - Properly signed GRUB boots.
+   - Improperly signed GRUB does not boot.
+   - Tampered signed GRUB does not boot.
+   - Properly signed kernels boot.
+   - Improperly signed kernels do not boot.
+   - Tampered signed kernels do not boot.
  TPM PCRs are extended roughly following the TCG PC Client and UEFI specs as they apply to POWER.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to powerpc-utils in Ubuntu.
https://bugs.launchpad.net/bugs/2064345

Title:
  [needs-packaging] secvarctl - Power guest secure boot with key
  management: userspace portion

Status in The Ubuntu-power-systems project:
  New
Status in powerpc-utils package in Ubuntu:
  New

Bug description:
  secvarctl
  URL: https://github.com/open-power/secvarctl/releases/tag/v1.1.0

  License: Apache

  Covering the userspace portion (secvarctl)

  Feature:

  This feature comprises PowerVM LPAR guest OS kernel verification to
  extend the chain of trust from partition firmware to the OS kernel and
  includes key management.  GRUB and the host OS kernel are signed with
  2 separate public key pairs.  Partition firmware includes the the
  public verification key for GRUB in its build and uses it to verify
  GRUB.  GRUB includes the public verification key for the OS kernel in
  its build and uses it to verify the OS kernel image

  Test case:

  If secure boot is switched off, any GRUB and kernel boots.
  If secure boot is switched on:
    - Properly signed GRUB boots.
    - Improperly signed GRUB does not boot.
    - Tampered signed GRUB does not boot.
    - Properly signed kernels boot.
    - Improperly signed kernels do not boot.
    - Tampered signed kernels do not boot.
  TPM PCRs are extended roughly following the TCG PC Client and UEFI specs as they apply to POWER.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/2064345/+subscriptions