We should not add opal keys to the built_trusted_keys_keyring as that's not the purpose of these keys. We could add them direct to .platform or .ima keyrings, but it would be best to load them from firmware direct. Are the above attached keys & ESL available from the "powerpc:db"?
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1903288 Title: Power guest secure boot with static keys: kernel portion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1903288/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
