This isn't a security issue. You may have unsigned kernels on your system, but we're planning to have grub enforce signed kernels if Secure Boot is enabled -- therefore we need to catch the case where no kernel is appropriately signed by a key that is known to the firmware or to shim.
There are clearly some issues with the detection (and some limitations) that we're working on addressing right now. Systems that only have official kernels properly installed should work normally. Any installs that require custom kernels, or kernels coming from a PPA would likely not be signed (well, they are, but people are unlikely to have the keys installed in firmware), so we need to block the upgrade -- it's a better alternative than having your systems fail to boot after the upgrade because we started to install a grub that insists on signed kernels, or because your running kernel is unsigned / not signed by a key that is recognized.

I'm keeping this task open as there's more work needed here to make this a better experience -- we don't /have to/ fail the upgrade in all the cases, but it's currently the only thing we can do (and I'm working on improving that).

** Changed in: grub2 (Ubuntu)
     Assignee: jai (dspace123) => (unassigned)

** Changed in: grub2 (Ubuntu)
       Status: Confirmed => Triaged

** Changed in: grub2 (Ubuntu)
   Importance: Undecided => High

--
https://bugs.launchpad.net/bugs/1788727

Title:
  upgrade crashing due to unsigned kernels