Downloaded the Sept 20 desktop 64 bit ISO, and on a Secure Boot UEFI laptop running 13.04, created USB install media, and installed to another USB set up with gpt and an EFI partition. Booting the target USB worked in secure mode, with the signed kernel being used, but the symlink for the kernel is still to the unsigned kernel. As an aside here, to be entered into another bug, note that the above straightforward procedure left the laptop unbootable, with the grub.cfg file on the hard disk's EFI reset to the uuid of the USB stick, (and an additional unnecessary NVRAM boot entry added).
** Changed in: linux (Ubuntu Saucy) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1170150 Title: vmlinuz/initrd.img symlinks do not point to signed versions on kernel updates of secure boot UEFI machines Status in “linux” package in Ubuntu: Confirmed Status in “linux” source package in Raring: Won't Fix Status in “linux” source package in Saucy: Confirmed Bug description: Kernel updates on a UEFI pc with secure boot enabled have the vmlinuz and initrd.img symlinks updated, but they point to the unsigned versions of the kernel instead of the signed ones. The pc was set up with secure boot on, has never been booted with secure boot off, and no runtime problems have been noted from the wrong symlinks. Having the links to the signed versions is highly desirable, in order to set up a USB stick with its own EFI directory to boot Ubuntu, and not have to worry about changing the USB stick's grub.cfg files. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1170150/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp