** Changed in: ubuntu-power-systems
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1696154

Title:
  [17.10 FEAT] Sign POWER host/NV kernels

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress

Bug description:
  Feature Description:

  Sign POWER host and NV kernels with sign-file in anticipation of POWER
  secure boot.  Provide the  associated certificate.  Ideally it would
  be possible to reuse the UEFI shim private key and certificate used to
  sign and verify x86_64 kernels.  More details to follow.  Guest
  kernels will be addressed in a future separate feature request.

  
  Business Case: 

  As a system administrator I want to verify the integrity of my kernels
  so that I can prevent malicious kernels from being executed.

  Use Case:

  Signed POWER kernels will be validated by OPAL as OpenPOWER systems
  boot when keys are properly installed and the system is booted in
  secure mode.

  
  Test Case:

  Sign and install a POWER kernel on an OpenPOWER machine with a
  firmware level that supports secure boot.  Install a PK, distro KEK
  certificat, and distro DB certificate.  Boot the system and verify
  that it will boot the kernel.  Negative tests:  Separately remove the
  signature, install an usigned kernel, and modify the kernel image and
  test that the kernel will not boot.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1696154/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to