FFe approved. Thank you!
** Changed in: linux-meta (Ubuntu Questing)
Status: New => Triaged
** Changed in: linux-signed (Ubuntu Questing)
Status: New => Triaged
** Changed in: stubble (Ubuntu Questing)
Status: New => Triaged
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/2121352
Title:
[FFe] arm64: Build stubble kernel
Status in linux-meta package in Ubuntu:
Triaged
Status in linux-signed package in Ubuntu:
Triaged
Status in stubble package in Ubuntu:
Triaged
Status in linux-meta source package in Questing:
Triaged
Status in linux-signed source package in Questing:
Triaged
Status in stubble source package in Questing:
Triaged
Bug description:
For arm64 we want our default signed kernel to be bundled with stubble and
dtbs.
This bug tracks progress on the integration work needed.
stubble will allow us to load device trees automatically as part of an
EFI boot stub on Qualcomm Snapdragon laptops and have them
signed/verified with UEFI secure boot. A more detailed explanation for
how and why we plan this is available in the form of a spec at
https://discourse.ubuntu.com/t/spec-stubble-a-secure-boot-friendly-
device-tree-loading-efi-stub/66560
Status
======
[X] Package stubble - https://launchpad.net/ubuntu/+source/stubble (needs
another update)
[X] MIR - https://bugs.launchpad.net/ubuntu/+source/stubble/+bug/2120322
[X] Get signing request reviewed -
https://github.com/rhboot/shim-review/issues/484
[X] Upload latest stubble changes
[ ] Integrate into kernel build
[ ] Drop flash-kernel dependency from ubuntu-x1*-settings
[ ] Update debian-cd to remove dtb hacks
[ stubble 4-0ubuntu2 FFe ]
For convenience reasons we would like to add some of the kernel
packaging/signing logic in the stubble package instead of putting it into
linux-signed
directly. This would include a new binary package including a kernel postinst
script that builds a stubble bundled kernel. The new package pulled in by
linux-signed as a dependency.
While we are there I would also like to include a patch to hide a verbose
error message in stubble behind the debug flag.
The risk of the stubble upload itself should be pretty low since it is
a new package that doesn't yet have any reverse dependencies.
The planned changes are available in the upstream repo at
https://github.com/ubuntu/stubble/tree/ubuntu/main
PPA builds will be available in
https://launchpad.net/~apw/+archive/ubuntu/signing/+packages where we test the
entire kernel build + signing pipeline
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/2121352/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
