[Kernel-packages] [Bug 1800856] [NEW] allow kexec_file of unsigned images under lockdown

Wed, 31 Oct 2018 07:50:55 -0700 

Public bug reported:

[Impact]

When using kexec -s with an unsigned image, it will fail requiring a
signed image, even if the system is not under lockdown. kexec without
the -s option will still work.

[Test case]
Tested with kexec -s with both a signed and unsigned image, both under lockdown 
and not under lockdown.

[Potential Regressions]
We allow unsigned kernels to be loaded even under lockdown. However, the test 
case has tested that and it still failed. Other regression would be that no 
kernel could be loaded. Also tested under test case.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: In Progress

** Affects: linux (Ubuntu Bionic)
     Importance: Undecided
         Status: In Progress

** Affects: linux (Ubuntu Cosmic)
     Importance: Undecided
         Status: In Progress

** Affects: linux (Ubuntu Disco)
     Importance: Undecided
         Status: In Progress

** Also affects: linux (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Cosmic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: linux (Ubuntu Disco)
       Status: New => In Progress

** Changed in: linux (Ubuntu Cosmic)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800856

Title:
  allow kexec_file of unsigned images under lockdown

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  In Progress
Status in linux source package in Disco:
  In Progress

Bug description:
  [Impact]

  When using kexec -s with an unsigned image, it will fail requiring a
  signed image, even if the system is not under lockdown. kexec without
  the -s option will still work.

  [Test case]
  Tested with kexec -s with both a signed and unsigned image, both under 
lockdown and not under lockdown.

  [Potential Regressions]
  We allow unsigned kernels to be loaded even under lockdown. However, the test 
case has tested that and it still failed. Other regression would be that no 
kernel could be loaded. Also tested under test case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1800856/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to