Thanks For Catching/Noticing and making repairs an adjustments On Mon, Apr 23, 2018, 10:51 AM Launchpad Bug Tracker < 1696...@bugs.launchpad.net> wrote:
> ** Branch linked: lp:~ubuntu-core-dev/debian-installer/ubuntu > > -- > You received this bug notification because you are subscribed to > Launchpad itself. > Matching subscriptions: Anthony > https://bugs.launchpad.net/bugs/1696154 > > Title: > [18.04 FEAT] Sign POWER host/NV kernels > > Status in Launchpad itself: > Fix Released > Status in The Ubuntu-power-systems project: > Fix Committed > Status in linux package in Ubuntu: > Fix Committed > Status in linux-signed package in Ubuntu: > Fix Committed > > Bug description: > Feature Description: > > Sign POWER host and NV kernels with sign-file in anticipation of POWER > secure boot. Provide the associated certificate. Ideally it would > be possible to reuse the UEFI shim private key and certificate used to > sign and verify x86_64 kernels. More details to follow. Guest > kernels will be addressed in a future separate feature request. > > > Business Case: > > As a system administrator I want to verify the integrity of my kernels > so that I can prevent malicious kernels from being executed. > > Use Case: > > Signed POWER kernels will be validated by OPAL as OpenPOWER systems > boot when keys are properly installed and the system is booted in > secure mode. > > > Test Case: > > Sign and install a POWER kernel on an OpenPOWER machine with a > firmware level that supports secure boot. Install a PK, distro KEK > certificat, and distro DB certificate. Boot the system and verify > that it will boot the kernel. Negative tests: Separately remove the > signature, install an usigned kernel, and modify the kernel image and > test that the kernel will not boot. > > To manage notifications about this bug go to: > https://bugs.launchpad.net/launchpad/+bug/1696154/+subscriptions > -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-signed in Ubuntu. https://bugs.launchpad.net/bugs/1696154 Title: [18.04 FEAT] Sign POWER host/NV kernels Status in Launchpad itself: Fix Released Status in The Ubuntu-power-systems project: Fix Committed Status in linux package in Ubuntu: Fix Committed Status in linux-signed package in Ubuntu: Fix Committed Bug description: Feature Description: Sign POWER host and NV kernels with sign-file in anticipation of POWER secure boot. Provide the associated certificate. Ideally it would be possible to reuse the UEFI shim private key and certificate used to sign and verify x86_64 kernels. More details to follow. Guest kernels will be addressed in a future separate feature request. Business Case: As a system administrator I want to verify the integrity of my kernels so that I can prevent malicious kernels from being executed. Use Case: Signed POWER kernels will be validated by OPAL as OpenPOWER systems boot when keys are properly installed and the system is booted in secure mode. Test Case: Sign and install a POWER kernel on an OpenPOWER machine with a firmware level that supports secure boot. Install a PK, distro KEK certificat, and distro DB certificate. Boot the system and verify that it will boot the kernel. Negative tests: Separately remove the signature, install an usigned kernel, and modify the kernel image and test that the kernel will not boot. To manage notifications about this bug go to: https://bugs.launchpad.net/launchpad/+bug/1696154/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
