[Bug 1475954] Re: grub does not validate kernel signature during secure boot
*** This bug is a duplicate of bug 1401532 ***
    https://bugs.launchpad.net/bugs/1401532

What Marc said in comment #1 was previously true. However, there is now ongoing work to enable secure boot as a security measure for Ubuntu 16.04 LTS. That will include kernel signature verification.

I'm going to mark this bug report as a dupe of a similar bug report (bug #1401532) which is being used to track the work. Thanks!

** This bug has been marked a duplicate of bug 1401532
   GRUB's Secure Boot implementation loads unsigned kernel without warning

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1475954

Title:
  grub does not validate kernel signature during secure boot

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1475954/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475954] Re: grub does not validate kernel signature during secure boot
Ubuntu's support for secure boot is solely intended as a compatibility measure so that media can boot on secure boot enabled computers. There are no current plans to enable secure boot as a security measure.

** Changed in: grub2 (Ubuntu)
       Status: New => Confirmed
[Bug 1475954] Re: grub does not validate kernel signature during secure boot
** Information type changed from Private Security to Public Security
[Bug 1475954] Re: grub does not validate kernel signature during secure boot
Thanks for the update. Do you know if it's even possible to use grub to verify the signatures of the currently distributed signed Ubuntu kernels? As far as I can tell, grub only supports gpg detached signatures. The Ubuntu kernels seem to be signed using sbsigntool with an X509 certificate and private key. If not, I believe the only way to actually use secure boot with an Ubuntu kernel is to directly load the kernel from the EFI without using grub...