[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
Downloaded the Sept 20 desktop 64 bit ISO, and on a Secure Boot UEFI laptop running 13.04, created USB install media, and installed to another USB set up with gpt and an EFI partition. Booting the target USB worked in secure mode, with the signed kernel being used, but the symlink for the kernel is still to the unsigned kernel.As an aside here, to be entered into another bug, note that the above straightforward procedure left the laptop unbootable, with the grub.cfg file on the hard disk's EFI reset to the uuid of the USB stick, (and an additional unnecessary NVRAM boot entry added). ** Changed in: linux (Ubuntu Saucy) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
Given the number of bugs that the Kernel Team receives during any development cycle it is impossible for us to review them all. Therefore, we occasionally resort to using automated bots to request further testing. This is such a request. We are approaching release and would like to confirm if this bug is still present. Please test again with the latest development kernel and indicate in the bug if this issue still exists or not. You can update to the latest development kernel by simply running the following commands in a terminal window: sudo apt-get update sudo apt-get dist-upgrade If the bug still exists, change the bug status from Incomplete to Confirmed. If the bug no longer exists, change the bug status from Incomplete to Fix Released. Thank you for your help, we really do appreciate it. ** Changed in: linux (Ubuntu) Status: Confirmed => Incomplete ** Tags added: kernel-request-3.11.0-7.14 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
** Tags added: saucy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
I don't think we can do much about this at this stage for Raring. As this is only affecting non-default software at this point I am pushing this out for consideration in S. ** Also affects: linux (Ubuntu Raring) Importance: Medium Status: Confirmed ** Also affects: linux (Ubuntu S-series) Importance: Undecided Status: New ** Changed in: linux (Ubuntu S-series) Status: New => Confirmed ** Changed in: linux (Ubuntu S-series) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Raring) Status: Confirmed => Won't Fix ** Changed in: linux (Ubuntu Raring) Assignee: (unassigned) => Andy Whitcroft (apw) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
Bug 1091464 affects me (grub unable to chainload Windows), so as a workaround, I have a separate ESP on a USB stick. The stick boots Ubuntu 12.10 off the hard disk, and the stick is not mounted in the filesystem. I had been updating the stick's EFI/ubuntu/grub.cfg as each kernel update occurred, but thought I would instead just use the root symlinks, and avoid future grub updates to the stick. That is when I noticed that the symlinks' targets were the unsigned versions of the kernel, and reported the bug. Now grub WILL boot the unsigned kernels off the existing symlinks, and I can see no differences when signed vs. unsigned kernel is used, but I don't know how the symlinks are used by other programs, so something may break if the symlinks don't target the running kernel. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
I am not aware of anything which consumes these links when generating grub configurations. Therefore that they point to the non-signed images does not seem likely to trigger issues here. Where are you seeing issues from this missmatch. What tool is consuming them and generating bad usb sticks ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
The kernel packaging manages these symlinks. ** Package changed: grub2 (Ubuntu) => linux (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
One option is to generate /vmlinuz.efi.signed symlinks. Would that be sufficient? ** Changed in: grub2 (Ubuntu) Status: Incomplete => Confirmed ** Tags added: precise quantal raring ** Changed in: grub2 (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
Ubuntu 12.10, updated several times, getting kernels ...17, ...26, and ...27. The symlinks in / were examined with "ls -l" and the output indicated that the link was to the /boot/vmlinuz-generic file, NOT the /boot/vmlinuz...-generic.efi.signed file. Applying the sbattach command to the /vmlinuz (and to the actual /boot/vmlinuz-3.5.0-27-generic file) produced a zero length output with the warnings: warning: file-aligned section of .text extends beyond end of the file warning: checksum areas are greater than image size. invalid section table? Applying the sbattach command to the /boot/vmlinuz...-generic.efi.signed file produced no errors, and output of length 1911. I conclude that the kernels in /boot ending in ".efi.signed" are the signed versions, and the ones ending in ".generic" are not -- with the symlinks in "/" pointing to the unsigned versions. The file /etc/kernel-img.conf contains symlinks=yes, and bootloader=no -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
Which version of ubuntu is this? How did you check that it points to an unsigned image? You can use: sbattach --detach /tmp/signature /vmlinuz && ls -la /tmp/signature To check if there is signature present in the vmlinuz. ** Changed in: grub2 (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1170150] Re: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: grub2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1170150/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs