Hi Nayna, I'm cross-posting Mate's details about key and cert here: " Hello,
Code https://code.launchpad.net/~ubuntu-uefi-team/grub/+git/ubuntu/+ref/power-sb My PPC test PPA (the power-sb ppa is out of date): https://launchpad.net/~mkukri/+archive/ubuntu/dev-ppc64el Signing key for the PPA above: https://ppa.launchpadcontent.net/mkukri/dev-ppc64el/ubuntu/dists/plucky/main/signed/grub2-ppc64el/current/control/opal.x509 " (from originally: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2064319/comments/5) (we have separate LP bugs for the kernel and the grub2 part). -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2064321 Title: Power guest secure boot with key management: kernel portion Status in The Ubuntu-power-systems project: New Status in linux package in Ubuntu: New Bug description: Covering the kernel portion Feature: This feature comprises PowerVM LPAR guest OS kernel verification using static keys to extend the chain of trust from partition firmware to the OS kernel. GRUB and the host OS kernel are signed with 2 separate public key pairs. Partition firmware includes the the public verification key for GRUB in its build and uses it to verify GRUB. GRUB includes the public verification key for the OS kernel in its build and uses it to verify the OS kernel image Test case: If secure boot is switched off, any GRUB and kernel boots. If secure boot is switched on: - Properly signed GRUB boots. - Improperly signed GRUB does not boot. - Tampered signed GRUB does not boot. - Properly signed kernels boot. - Improperly signed kernels do not boot. - Tampered signed kernels do not boot. TPM PCRs are extended roughly following the TCG PC Client and UEFI specs as they apply to POWER. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/2064321/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
