[Kernel-packages] [Bug 2034061] Re: Default module signing algo should be accelerated

Thu, 05 Oct 2023 01:21:05 -0700 

This bug was fixed in the package linux - 6.5.0-7.7

---------------
linux (6.5.0-7.7) mantic; urgency=medium

  * mantic/linux: 6.5.0-7.7 -proposed tracker (LP: #2037611)

  * kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
    - [Packaging] Revert arm64 image format to Image.gz

  * Mantic minimized/minimal cloud images do not receive IP address during
    provisioning (LP: #2036968)
    - [Config] Enable virtio-net as built-in to avoid race

  * Miscellaneous Ubuntu changes
    - SAUCE: Add mdev_set_iommu_device() kABI
    - [Config] update gcc version in annotations

 -- Andrea Righi <andrea.ri...@canonical.com>  Thu, 28 Sep 2023 10:19:24
+0200

** Changed in: linux (Ubuntu)
       Status: Incomplete => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2034061

Title:
  Default module signing algo should be accelerated

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  [ Impact ]

   * Slow secureboot due to unoptimized signature verification algo

  
  [ Test Plan ]

   * Check config enforcement:

  If CONFIG_MODULE_SIG_(ALG)=y, then CONFIG_CRYPTO_(ALG)* should be =y
  as well

  [ Where problems could occur ]

   * Very old hardware incapable of a given optimisation will not gain
  from having optimised algo built-in

  [ Other Info ]
   
   * Full details

  Default module signing algo should be accelerated

  Default crypto signing algorithm for kernel modules, all its
  accelerated versions, should be built-in. This is to allow secureboot
  of accelerated machines to boot as quickly as possible when verifying
  each module signature.

  For example:

  given CONFIG_MODULE_SIG_SHA512=y

  All of

  CONFIG_CRYPTO_SHA512                            policy<{'amd64': 'y', 
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
  CONFIG_CRYPTO_SHA512                            note<'module signing'>
  CONFIG_CRYPTO_SHA512_ARM                        policy<{'armhf': 'm'}>
  CONFIG_CRYPTO_SHA512_ARM64                      policy<{'arm64': 'm'}>
  CONFIG_CRYPTO_SHA512_ARM64_CE                   policy<{'arm64': 'm'}>
  CONFIG_CRYPTO_SHA512_S390                       policy<{'s390x': 'm'}>
  CONFIG_CRYPTO_SHA512_SSSE3                      policy<{'amd64': 'm'}>

  Should be =y on secureboot platforms.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2034061/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to