This bug is missing log files that will aid in diagnosing the problem.
While running an Ubuntu kernel (not a mainline or third-party kernel)
please enter the following command in a terminal window:
apport-collect 1947174
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.
** Changed in: linux (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947174
Title:
Add final-checks to check certificates
Status in linux package in Ubuntu:
Incomplete
Bug description:
[Impact]
* As part of landing builtin revocation certificates work
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1932029 it has
been identified that many kernels do not correct enforce newly enfoced
keys in the derivative flavours. I.e. due to annotations not importing
parent annotations, due to not having do_enforce_all, or using older
formats of annotations files.
* As part fips validation work final-checks got added to check and
assert that correct things are turned on.
* It has been agreed that having a final-check for builtin system
trusted & revocation certificates would be a good thing. If packaging
declares that certain certificates should be built-in trusted or
revoked, the kernel must be configured pointing at the packaging
generated .pem bundle in the config.
[Test Plan]
* Kernel should build
* If trusted or revocation are configured in packaging but the config option
is misconfigured (i.e. typo or not set), the kernel build and cranky close
should fail
[Where problems could occur]
* This is a packaging change only, thus may result in valid kernels
ftbfs but should be easy to rectify.
[Other Info]
* Also see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1932029
and kernels that derived from a primary kernel that had that fixed,
and the subsequently failed boot testing due to not enabling those
options.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1947174/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
