[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-mtk/5.15.0-1030.34
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-jammy-linux-mtk' to 'verification-done-jammy-
linux-mtk'. If the problem still exists, change the tag 'verification-
needed-jammy-linux-mtk' to 'verification-failed-jammy-linux-mtk'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux-mtk-v2 
verification-needed-jammy-linux-mtk

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  Invalid
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  Invalid
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  Invalid
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  Invalid
Status in linux-meta-kvm source package in Lunar:
  Invalid
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Roxana Nicolescu]

mantic:linux-laptop
CONFIGS/arm64-config.flavour.laptop:3151:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
CONFIGS/arm64-config.flavour.laptop:3152:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  Invalid
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  Invalid
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  Invalid
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  Invalid
Status in linux-meta-kvm source package in Lunar:
  Invalid
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Roxana Nicolescu]

mantic:linux-gcp
CONFIGS/amd64-config.flavour.gcp:3080:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
CONFIGS/amd64-config.flavour.gcp:3081:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  Invalid
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  Invalid
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  Invalid
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  Invalid
Status in linux-meta-kvm source package in Lunar:
  Invalid
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Roxana Nicolescu]

mantic:linux-azure
CONFIGS/amd64-config.flavour.azure:2785:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
CONFIGS/amd64-config.flavour.azure:2786:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y


** Tags removed: verification-needed-mantic-linux-azure
** Tags added: verification-done-mantic-linux-azure

** Tags removed: verification-needed-mantic-linux-gcp 
verification-needed-mantic-linux-laptop
** Tags added: verification-done-mantic-linux-gcp 
verification-done-mantic-linux-laptop

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  Invalid
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  Invalid
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  Invalid
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  Invalid
Status in linux-meta-kvm source package in Lunar:
  Invalid
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Roxana Nicolescu]

jammy:nvidia-6.5
CONFIGS/amd64-config.flavour.nvidia:3079:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
CONFIGS/amd64-config.flavour.nvidia:3080:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y


** Tags removed: verification-needed-jammy-linux-nvidia-6.5
** Tags added: verification-done-jammy-linux-nvidia-6.5

** Tags removed: verification-needed-jammy-linux-lowlatency-hwe-6.5
** Tags added: verification-done-jammy-linux-lowlatency-hwe-6.5

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  Invalid
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  Invalid
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  Invalid
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  Invalid
Status in linux-meta-kvm source package in Lunar:
  Invalid
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Roxana Nicolescu]

Jammy:hwe-6.5
CONFIGS/amd64-config.flavour.generic:3079:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
CONFIGS/amd64-config.flavour.generic:3080:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  Invalid
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  Invalid
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  Invalid
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  Invalid
Status in linux-meta-kvm source package in Lunar:
  Invalid
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Roxana Nicolescu]

This bug VT is a mess.. Nevertheless.

Jammy:lowlatency-hwe-6.5
./amd64-config.flavour.lowlatency:3084:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
./amd64-config.flavour.lowlatency:3085:CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y


** Tags removed: verification-needed-jammy-linux-lowlatency-hwe-6.5
** Tags added: verification-done-jammy-linux-lowlatency-hwe-6.5

** Tags removed: verification-done-jammy-linux-lowlatency-hwe-6.5 
verification-needed-jammy-linux-hwe-6.5
** Tags added: verification-done-jammy-linux-hwe-6.5 
verification-needed-jammy-linux-lowlatency-hwe-6.5

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  Invalid
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  Invalid
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  Invalid
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  Invalid
Status in linux-meta-kvm source package in Lunar:
  Invalid
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Roxana Nicolescu]

** Changed in: linux-meta-azure (Ubuntu Lunar)
   Status: New => Invalid

** Changed in: linux-meta-kvm (Ubuntu Jammy)
   Status: New => Invalid

** Changed in: linux-meta-kvm (Ubuntu Kinetic)
   Status: New => Invalid

** Changed in: linux-meta-kvm (Ubuntu Lunar)
   Status: New => Invalid

** Changed in: linux-kvm (Ubuntu Kinetic)
   Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  Invalid
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  Invalid
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  Invalid
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  Invalid
Status in linux-meta-kvm source package in Lunar:
  Invalid
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-lowlatency-
hwe-6.5/6.5.0-14.14.1~22.04.1 kernel in -proposed solves the problem.
Please test the kernel and update this bug with the results. If the
problem is solved, change the tag 'verification-needed-jammy-linux-
lowlatency-hwe-6.5' to 'verification-done-jammy-linux-lowlatency-
hwe-6.5'. If the problem still exists, change the tag 'verification-
needed-jammy-linux-lowlatency-hwe-6.5' to 'verification-failed-jammy-
linux-lowlatency-hwe-6.5'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux-lowlatency-hwe-6.5-v2 
verification-needed-jammy-linux-lowlatency-hwe-6.5

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 6.6.0-14.14

---
linux (6.6.0-14.14) noble; urgency=medium

  * noble/linux: 6.6.0-14.14 -proposed tracker (LP: #2045243)

  * Noble update: v6.6.3 upstream stable release (LP: #2045244)
- locking/ww_mutex/test: Fix potential workqueue corruption
- btrfs: abort transaction on generation mismatch when marking eb as dirty
- lib/generic-radix-tree.c: Don't overflow in peek()
- x86/retpoline: Make sure there are no unconverted return thunks due to 
KCSAN
- perf/core: Bail out early if the request AUX area is out of bound
- srcu: Fix srcu_struct node grpmask overflow on 64-bit systems
- selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config
- clocksource/drivers/timer-imx-gpt: Fix potential memory leak
- clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
- srcu: Only accelerate on enqueue time
- smp,csd: Throw an error if a CSD lock is stuck for too long
- cpu/hotplug: Don't offline the last non-isolated CPU
- workqueue: Provide one lock class key per work_on_cpu() callsite
- x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
- wifi: plfxlc: fix clang-specific fortify warning
- wifi: ath12k: Ignore fragments from uninitialized peer in dp
- wifi: mac80211_hwsim: fix clang-specific fortify warning
- wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
- atl1c: Work around the DMA RX overflow issue
- bpf: Detect IP == ksym.end as part of BPF program
- wifi: ath9k: fix clang-specific fortify warnings
- wifi: ath12k: fix possible out-of-bound read in 
ath12k_htt_pull_ppdu_stats()
- wifi: ath10k: fix clang-specific fortify warning
- wifi: ath12k: fix possible out-of-bound write in
  ath12k_wmi_ext_hal_reg_caps()
- ACPI: APEI: Fix AER info corruption when error status data has multiple
  sections
- net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI
- wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023)
- wifi: mt76: fix clang-specific fortify warnings
- net: annotate data-races around sk->sk_tx_queue_mapping
- net: annotate data-races around sk->sk_dst_pending_confirm
- wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register()
- wifi: ath10k: Don't touch the CE interrupt registers after power up
- net: sfp: add quirk for FS's 2.5G copper SFP
- vsock: read from socket's error queue
- bpf: Ensure proper register state printing for cond jumps
- wifi: iwlwifi: mvm: fix size check for fw_link_id
- Bluetooth: btusb: Add date->evt_skb is NULL check
- Bluetooth: Fix double free in hci_conn_cleanup
- ACPI: EC: Add quirk for HP 250 G7 Notebook PC
- tsnep: Fix tsnep_request_irq() format-overflow warning
- gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010
- platform/chrome: kunit: initialize lock for fake ec_dev
- of: address: Fix address translation when address-size is greater than 2
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
- drm/gma500: Fix call trace when psb_gem_mm_init() fails
- drm/amdkfd: ratelimited SQ interrupt messages
- drm/komeda: drop all currently held locks if deadlock happens
- drm/amd/display: Blank phantom OTG before enabling
- drm/amd/display: Don't lock phantom pipe on disabling
- drm/amd/display: add seamless pipe topology transition check
- drm/edid: Fixup h/vsync_end instead of h/vtotal
- md: don't rely on 'mddev->pers' to be set in mddev_suspend()
- drm/amdgpu: not to save bo in the case of RAS err_event_athub
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code
- drm/amdgpu: update retry times for psp vmbx wait
- drm/amd: Update `update_pcie_parameters` functions to use uint8_t 
arguments
- drm/amd/display: use full update for clip size increase of large plane
  source
- string.h: add array-wrappers for (v)memdup_user()
- kernel: kexec: copy user-array safely
- kernel: watch_queue: copy user-array safely
- drm_lease.c: copy user-array safely
- drm: vmwgfx_surface.c: copy user-array safely
- drm/msm/dp: skip validity check for DP CTS EDID checksum
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
- drm/amdgpu: Fix potential null pointer derefernce
- drm/panel: fix a possible null pointer dereference
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference
- drm/radeon: fix a possible null pointer dereference
- drm/amdgpu/vkms: fix a possible null pointer dereference
- drm/panel: st7703: Pick different reset sequence
- drm/amdkfd: Fix shift out-of-bounds issue
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
- drm/amd: Disable PP_PCIE_DPM_MASK when dynamic speed switching not 
supported
- 

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-nvidia-6.5/6.5.0-1007.7
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-jammy-linux-nvidia-6.5' to 'verification-done-
jammy-linux-nvidia-6.5'. If the problem still exists, change the tag
'verification-needed-jammy-linux-nvidia-6.5' to 'verification-failed-
jammy-linux-nvidia-6.5'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux-nvidia-6.5-v2 
verification-needed-jammy-linux-nvidia-6.5

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-azure/6.5.0-1010.10
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-mantic-linux-azure' to 'verification-done-
mantic-linux-azure'. If the problem still exists, change the tag
'verification-needed-mantic-linux-azure' to 'verification-failed-mantic-
linux-azure'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-mantic-linux-azure-v2 
verification-needed-mantic-linux-azure

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-
hwe-6.5/6.5.0-14.14~22.04.1 kernel in -proposed solves the problem.
Please test the kernel and update this bug with the results. If the
problem is solved, change the tag 'verification-needed-jammy-linux-
hwe-6.5' to 'verification-done-jammy-linux-hwe-6.5'. If the problem
still exists, change the tag 'verification-needed-jammy-linux-hwe-6.5'
to 'verification-failed-jammy-linux-hwe-6.5'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux-hwe-6.5-v2 
verification-needed-jammy-linux-hwe-6.5

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-laptop/6.5.0-1007.10
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-mantic-linux-laptop' to 'verification-done-
mantic-linux-laptop'. If the problem still exists, change the tag
'verification-needed-mantic-linux-laptop' to 'verification-failed-
mantic-linux-laptop'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-mantic-linux-laptop-v2 
verification-needed-mantic-linux-laptop

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-gcp/6.5.0-1010.10
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-mantic-linux-gcp' to 'verification-done-mantic-
linux-gcp'. If the problem still exists, change the tag 'verification-
needed-mantic-linux-gcp' to 'verification-failed-mantic-linux-gcp'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-mantic-linux-gcp-v2 
verification-needed-mantic-linux-gcp

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Tim Gardner]

** Tags removed: verification-needed-jammy-linux-xilinx-zynqmp
** Tags added: verification-done-jammy-linux-xilinx-zynqmp

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Tim Gardner]

** Tags removed: verification-needed-mantic-linux
** Tags added: verification-done-mantic-linux

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux/6.5.0-12.12 kernel in
-proposed solves the problem. Please test the kernel and update this bug
with the results. If the problem is solved, change the tag
'verification-needed-mantic-linux' to 'verification-done-mantic-linux'.
If the problem still exists, change the tag 'verification-needed-mantic-
linux' to 'verification-failed-mantic-linux'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-mantic-linux-v2 verification-needed-mantic-linux

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Stefan Bader]

** Changed in: linux (Ubuntu Mantic)
   Status: In Progress => Fix Committed

** Changed in: linux-kvm (Ubuntu Mantic)
   Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-kvm source package in Mantic:
  Invalid
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-xilinx-
zynqmp/5.15.0-1024.28 kernel in -proposed solves the problem. Please
test the kernel and update this bug with the results. If the problem is
solved, change the tag 'verification-needed-jammy-linux-xilinx-zynqmp'
to 'verification-done-jammy-linux-xilinx-zynqmp'. If the problem still
exists, change the tag 'verification-needed-jammy-linux-xilinx-zynqmp'
to 'verification-failed-jammy-linux-xilinx-zynqmp'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux-xilinx-zynqmp-v2 
verification-needed-jammy-linux-xilinx-zynqmp

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Luca Boccassi]

** Tags removed: verification-needed-focal-linux-aws-5.15

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-
aws-5.15/5.15.0-1046.51~20.04.1 kernel in -proposed solves the problem.
Please test the kernel and update this bug with the results. If the
problem is solved, change the tag 'verification-needed-focal-linux-
aws-5.15' to 'verification-done-focal-linux-aws-5.15'. If the problem
still exists, change the tag 'verification-needed-focal-linux-aws-5.15'
to 'verification-failed-focal-linux-aws-5.15'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-focal-linux-aws-5.15-v2 
verification-needed-focal-linux-aws-5.15

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-kvm source package in Jammy:
  Fix Released
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_INTEGRITY_MACHINE_KEYRING
  CONFIG_IMA_ARCH_POLICY (this might not be necessary if the machine keyring 
implementation is patched to skip the check enabled by this kconfig)

  (The latter two are needed to ensure that MoK keys can be used to
  verify dm-verity images too, via the machine keyring linked to the
  secondary keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  To verify whether this works, add a certificate to MOK, boot and check
  the content of the secondary keyring. The machine keyring should show
  up under it, and it should show the certificates loaded in MOK. E.g.:

  $ sudo keyctl show %:.secondary_trusted_keys
  Keyring
   159454604 ---lswrv  0 0  keyring: .secondary_trusted_keys
    88754641 ---lswrv  0 0   \_ keyring: .builtin_trusted_keys
   889010778 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   799434660 ---lswrv  0 0   |   \_ asymmetric: Debian Secure Boot 
Signer 2022 - linux: 14011249c2675ea8e5148542202005810584b25f
   541326986 ---lswrv  0 0   \_ keyring: .machine
   188508854 ---lswrv  0 0   \_ asymmetric: Debian Secure Boot CA: 
6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
   475039424 ---lswrv  0 0   \_ asymmetric: sb-bluca: Secure Boot 
Signing: 9a61c52d07d78a76935e67bdbe3f5e6968d62479

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-
hwe-6.2/6.2.0-26.26~22.04.1 kernel in -proposed solves the problem.
Please test the kernel and update this bug with the results. If the
problem is solved, change the tag 'verification-needed-jammy' to
'verification-done-jammy'. If the problem still exists, change the tag
'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags removed: verification-done-jammy
** Tags added: kernel-spammed-jammy-linux-hwe-6.2 verification-needed-jammy

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Committed
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-azure/6.2.0-1009.9
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-lunar' to 'verification-done-lunar'. If the
problem still exists, change the tag 'verification-needed-lunar' to
'verification-failed-lunar'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-lunar-linux-azure

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Committed
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux-riscv/6.2.0-27.28.1
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-lunar' to 'verification-done-lunar'. If the
problem still exists, change the tag 'verification-needed-lunar' to
'verification-failed-lunar'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags removed: verification-done-lunar
** Tags added: kernel-spammed-lunar-linux-riscv verification-needed-lunar

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Committed
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Released
Status in linux-kvm source package in Lunar:
  Fix Released
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Launchpad Bug Tracker]

This bug was fixed in the package linux-kvm - 6.2.0-1008.8

---
linux-kvm (6.2.0-1008.8) lunar; urgency=medium

  * lunar/linux-kvm: 6.2.0-1008.8 -proposed tracker (LP: #2025454)

  * Packaging resync (LP: #1786013)
- [Packaging] resync update-dkms-versions helper

  * linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
images (LP: #2019040)
- [Config] CONFIG_DM_VERITY=m

  [ Ubuntu: 6.2.0-25.25 ]

  * lunar/linux: 6.2.0-25.25 -proposed tracker (LP: #2024167)
  * ftrace in ubuntu_kernel_selftests failed with "check if duplicate events are
caught" on J-5.15 P9 / J-kvm / L-kvm (LP: #1977827)
- SAUCE: selftests/ftrace: Add test dependency
  * Add microphone support of the front headphone port on P3 Tower
(LP: #2023650)
- ALSA: hda/realtek: Add Lenovo P3 Tower platform
  * Add audio support for ThinkPad P1 Gen 6 and Z16 Gen 2 (LP: #2023539)
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6
  * Fix Disable thunderbolt clx make edp-monitor garbage while moving the
touchpad (LP: #2023004)
- drm/i915: Use 18 fast wake AUX sync len
  * Fix Monitor lost after replug WD19TBS to SUT port with VGA/DVI to type-C
dongle (LP: #2021949)
- thunderbolt: Increase timeout of DP OUT adapter handshake
- thunderbolt: Do not touch CL state configuration during discovery
- thunderbolt: Increase DisplayPort Connection Manager handshake timeout
  * Enable Tracing Configs for OSNOISE and TIMERLAT (LP: #2018591)
- [Config] Enable OSNOISE_TRACER and TIMERLAT_TRACER configs
  * Fix only reach PC3 when ethernet is plugged r8169 (LP: #1946433)
- r8169: use spinlock to protect mac ocp register access
- r8169: use spinlock to protect access to registers Config2 and Config5
- r8169: enable cfg9346 config register access in atomic context
- r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context
- r8169: disable ASPM during NAPI poll
- r8169: remove ASPM restrictions now that ASPM is disabled during NAPI poll
  * introduce do_lib_rust=true|false to enable/disable linux-lib-rust package
(LP: #2021605)
- [Packaging] introduce do_lib_rust and enable it only on generic amd64
  * System either hang with black screen or rebooted on entering suspend on AMD
Ryzen 9 PRO 7940HS w/ Radeon 780M Graphics (LP: #2020685)
- drm/amdgpu: refine get gpu clock counter method
- drm/amdgpu/gfx11: update gpu_clock_counter logic
  * generate linux-lib-rust only on amd64 (LP: #2020356)
- [Packaging] generate linux-lib-rust only on amd64
  * No  HDMI/DP audio output on dock(Nvidia GPU) (LP: #2020062)
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
  * Add support for mdev_set_iommu_device() kABI in Ubuntu 22.10 kernel
(LP: #1988806)
- SAUCE: Add mdev_set_iommu_device() kABI.
  * Enable audio LEDs on HP laptops (LP: #2019915)
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop
  * linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
images (LP: #2019040)
- [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
  * Lunar update: v6.2.13 upstream stable release (LP: #2023929)
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node
- arm64: dts: rockchip: Lower sd speed on rk3566-soquartz
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node
- arm64: dts: qcom: ipq8074-hk10: enable QMP device, not the PHY node
- arm64: dts: meson-g12-common: specify full DMC range
- arm64: dts: meson-g12-common: resolve conflict between canvas & pmu
- perf/amlogic: adjust register offsets
- arm64: dts: qcom: sc8280xp-pmics: fix pon compatible and registers
- arm64: dts: imx8mm-evk: correct pmic clock source
- arm64: dts: imx8mm-verdin: correct off-on-delay
- arm64: dts: imx8mp-verdin: correct off-on-delay
- netfilter: br_netfilter: fix recent physdev match breakage
- netfilter: nf_tables: Modify nla_memdup's flag to GFP_KERNEL_ACCOUNT
- rust: str: fix requierments->requirements typo
- regulator: fan53555: Explicitly include bits header
- regulator: fan53555: Fix wrong TCS_SLEW_MASK
- virtio_net: bugfix overflow inside xdp_linearize_page()
- sfc: Fix use-after-free due to selftest_work
- netfilter: nf_tables: fix ifdef to also consider nf_tables=m
- i40e: fix accessing vsi->active_filters without holding lock
- i40e: fix i40e_setup_misc_vector() error handling
- netfilter: nf_tables: validate catch-all set elements
- cxgb4: fix use after free bugs caused by circular dependency problem
- netfilter: nf_tables: tighten netlink attribute requirements for catch-all
  elements
- bnxt_en: Do not initialize PTP on older P3/P4 chips
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
- LoongArch: Fix build error if CONFIG_SUSPEND is not set
- bonding: Fix 

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 6.2.0-25.25

---
linux (6.2.0-25.25) lunar; urgency=medium

  * lunar/linux: 6.2.0-25.25 -proposed tracker (LP: #2024167)

  * ftrace in ubuntu_kernel_selftests failed with "check if duplicate events are
caught" on J-5.15 P9 / J-kvm / L-kvm (LP: #1977827)
- SAUCE: selftests/ftrace: Add test dependency

  * Add microphone support of the front headphone port on P3 Tower
(LP: #2023650)
- ALSA: hda/realtek: Add Lenovo P3 Tower platform

  * Add audio support for ThinkPad P1 Gen 6 and Z16 Gen 2 (LP: #2023539)
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6

  * Fix Disable thunderbolt clx make edp-monitor garbage while moving the
touchpad (LP: #2023004)
- drm/i915: Use 18 fast wake AUX sync len

  * Fix Monitor lost after replug WD19TBS to SUT port with VGA/DVI to type-C
dongle (LP: #2021949)
- thunderbolt: Increase timeout of DP OUT adapter handshake
- thunderbolt: Do not touch CL state configuration during discovery
- thunderbolt: Increase DisplayPort Connection Manager handshake timeout

  * Enable Tracing Configs for OSNOISE and TIMERLAT (LP: #2018591)
- [Config] Enable OSNOISE_TRACER and TIMERLAT_TRACER configs

  * Fix only reach PC3 when ethernet is plugged r8169 (LP: #1946433)
- r8169: use spinlock to protect mac ocp register access
- r8169: use spinlock to protect access to registers Config2 and Config5
- r8169: enable cfg9346 config register access in atomic context
- r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context
- r8169: disable ASPM during NAPI poll
- r8169: remove ASPM restrictions now that ASPM is disabled during NAPI poll

  * introduce do_lib_rust=true|false to enable/disable linux-lib-rust package
(LP: #2021605)
- [Packaging] introduce do_lib_rust and enable it only on generic amd64

  * System either hang with black screen or rebooted on entering suspend on AMD
Ryzen 9 PRO 7940HS w/ Radeon 780M Graphics (LP: #2020685)
- drm/amdgpu: refine get gpu clock counter method
- drm/amdgpu/gfx11: update gpu_clock_counter logic

  * generate linux-lib-rust only on amd64 (LP: #2020356)
- [Packaging] generate linux-lib-rust only on amd64

  * No  HDMI/DP audio output on dock(Nvidia GPU) (LP: #2020062)
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table

  * Add support for mdev_set_iommu_device() kABI in Ubuntu 22.10 kernel
(LP: #1988806)
- SAUCE: Add mdev_set_iommu_device() kABI.

  * Enable audio LEDs on HP laptops (LP: #2019915)
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop

  * linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
images (LP: #2019040)
- [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y

  * Lunar update: v6.2.13 upstream stable release (LP: #2023929)
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node
- arm64: dts: rockchip: Lower sd speed on rk3566-soquartz
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node
- arm64: dts: qcom: ipq8074-hk10: enable QMP device, not the PHY node
- arm64: dts: meson-g12-common: specify full DMC range
- arm64: dts: meson-g12-common: resolve conflict between canvas & pmu
- perf/amlogic: adjust register offsets
- arm64: dts: qcom: sc8280xp-pmics: fix pon compatible and registers
- arm64: dts: imx8mm-evk: correct pmic clock source
- arm64: dts: imx8mm-verdin: correct off-on-delay
- arm64: dts: imx8mp-verdin: correct off-on-delay
- netfilter: br_netfilter: fix recent physdev match breakage
- netfilter: nf_tables: Modify nla_memdup's flag to GFP_KERNEL_ACCOUNT
- rust: str: fix requierments->requirements typo
- regulator: fan53555: Explicitly include bits header
- regulator: fan53555: Fix wrong TCS_SLEW_MASK
- virtio_net: bugfix overflow inside xdp_linearize_page()
- sfc: Fix use-after-free due to selftest_work
- netfilter: nf_tables: fix ifdef to also consider nf_tables=m
- i40e: fix accessing vsi->active_filters without holding lock
- i40e: fix i40e_setup_misc_vector() error handling
- netfilter: nf_tables: validate catch-all set elements
- cxgb4: fix use after free bugs caused by circular dependency problem
- netfilter: nf_tables: tighten netlink attribute requirements for catch-all
  elements
- bnxt_en: Do not initialize PTP on older P3/P4 chips
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
- LoongArch: Fix build error if CONFIG_SUSPEND is not set
- bonding: Fix memory leak when changing bond type to Ethernet
- net: rpl: fix rpl header size calculation
- mlxsw: pci: Fix possible crash during initialization
- spi: spi-rockchip: Fix missing unwind goto in rockchip_sfc_probe()
- bpf: Fix incorrect verifier pruning due to missing register precision 
taints

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Luca Boccassi]

** Tags removed: verification-needed-kinetic
** Tags added: verification-done-kinetic

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Committed
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Committed
Status in linux-kvm source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux/5.19.0-47.49 kernel in
-proposed solves the problem. Please test the kernel and update this bug
with the results. If the problem is solved, change the tag
'verification-needed-kinetic' to 'verification-done-kinetic'. If the
problem still exists, change the tag 'verification-needed-kinetic' to
'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-kinetic-linux verification-needed-kinetic

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Committed
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Committed
Status in linux-kvm source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Luca Boccassi]

linux-generic looks good, thanks. Will the changes to linux-kvm and
linux-azure be merged separately later?

** Tags removed: verification-needed-jammy verification-needed-lunar
** Tags added: verification-done-jammy verification-done-lunar

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Committed
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Committed
Status in linux-kvm source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux/6.2.0-25.25 kernel in
-proposed solves the problem. Please test the kernel and update this bug
with the results. If the problem is solved, change the tag
'verification-needed-lunar' to 'verification-done-lunar'. If the problem
still exists, change the tag 'verification-needed-lunar' to
'verification-failed-lunar'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-lunar-linux verification-needed-lunar

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Committed
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Committed
Status in linux-kvm source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Ubuntu Kernel Bot]

This bug is awaiting verification that the linux/5.15.0-77.84 kernel in
-proposed solves the problem. Please test the kernel and update this bug
with the results. If the problem is solved, change the tag
'verification-needed-jammy' to 'verification-done-jammy'. If the problem
still exists, change the tag 'verification-needed-jammy' to
'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux verification-needed-jammy

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Committed
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Committed
Status in linux-kvm source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Stefan Bader]

** Changed in: linux (Ubuntu Lunar)
   Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Kinetic)
   Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Jammy)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Fix Committed
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  Fix Committed
Status in linux-kvm source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Luca Boccassi]

Hi, any update on these configs changes? Have they been queued?

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  In Progress
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  In Progress
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  In Progress
Status in linux-kvm source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Luca Boccassi]

Thank you!

Do you have details about the performance impact of IMA_ARCH?

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  In Progress
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  In Progress
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  In Progress
Status in linux-kvm source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Tim Gardner]

Submitted patches for review: https://lists.ubuntu.com/archives/kernel-
team/2023-May/139435.html

Note that the proposed patches do not include IMA_ARCH given the
performance impacts that option imposes.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  In Progress
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  In Progress
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  In Progress
Status in linux-kvm source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Tim Gardner]

** Also affects: linux-kvm (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: linux-kvm (Ubuntu Jammy)
   Importance: Undecided => Medium

** Changed in: linux-kvm (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: linux-kvm (Ubuntu Jammy)
 Assignee: (unassigned) => Tim Gardner (timg-tpi)

** Changed in: linux-kvm (Ubuntu Kinetic)
   Importance: Undecided => Medium

** Changed in: linux-kvm (Ubuntu Kinetic)
   Status: New => In Progress

** Changed in: linux-kvm (Ubuntu Kinetic)
 Assignee: (unassigned) => Tim Gardner (timg-tpi)

** Changed in: linux-kvm (Ubuntu Lunar)
   Importance: Undecided => Medium

** Changed in: linux-kvm (Ubuntu Lunar)
   Status: New => In Progress

** Changed in: linux-kvm (Ubuntu Lunar)
 Assignee: (unassigned) => Tim Gardner (timg-tpi)

** Changed in: linux-kvm (Ubuntu Mantic)
   Importance: Undecided => Medium

** Changed in: linux-kvm (Ubuntu Mantic)
   Status: New => In Progress

** Changed in: linux-kvm (Ubuntu Mantic)
 Assignee: (unassigned) => Tim Gardner (timg-tpi)

** Changed in: linux-meta-azure (Ubuntu Jammy)
   Status: New => Invalid

** Changed in: linux-meta-azure (Ubuntu Kinetic)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  In Progress
Status in linux-kvm source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  Invalid
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  In Progress
Status in linux-kvm source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  Invalid
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  In Progress
Status in linux-kvm source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-kvm source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

  [Regression Potential]

  MOK keys may not be correctly read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Tim Gardner]

** Changed in: linux-meta-azure (Ubuntu)
   Status: New => Invalid

** Changed in: linux-meta-kvm (Ubuntu)
   Status: New => Invalid

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu)
   Status: Confirmed => In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Tim Gardner (timg-tpi)

** Also affects: linux (Ubuntu Mantic)
   Importance: Medium
 Assignee: Tim Gardner (timg-tpi)
   Status: In Progress

** Also affects: linux-meta-azure (Ubuntu Mantic)
   Importance: Undecided
   Status: Invalid

** Also affects: linux-meta-kvm (Ubuntu Mantic)
   Importance: Undecided
   Status: Invalid

** Also affects: linux (Ubuntu Lunar)
   Importance: Undecided
   Status: New

** Also affects: linux-meta-azure (Ubuntu Lunar)
   Importance: Undecided
   Status: New

** Also affects: linux-meta-kvm (Ubuntu Lunar)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Kinetic)
   Importance: Undecided
   Status: New

** Also affects: linux-meta-azure (Ubuntu Kinetic)
   Importance: Undecided
   Status: New

** Also affects: linux-meta-kvm (Ubuntu Kinetic)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: linux-meta-azure (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: linux-meta-kvm (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Jammy)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: linux (Ubuntu Jammy)
 Assignee: (unassigned) => Tim Gardner (timg-tpi)

** Changed in: linux (Ubuntu Kinetic)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Kinetic)
   Status: New => In Progress

** Changed in: linux (Ubuntu Kinetic)
 Assignee: (unassigned) => Tim Gardner (timg-tpi)

** Changed in: linux (Ubuntu Lunar)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Lunar)
   Status: New => In Progress

** Changed in: linux (Ubuntu Lunar)
 Assignee: (unassigned) => Tim Gardner (timg-tpi)

** Description changed:

+ SRU Justification
+ 
+ [Impact]
+ 
  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.
+ 
+ [Fix]
  
  Please consider enabling the following kconfigs:
  
  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY
  
  (The latter is needed to ensure that MoK keys can be used to verify dm-
  verity images too, via the machine keyring linked to the secondary
  keyring)
  
  These are already enabled in the 'main' kernel config, and in other
  distros.
  
  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.
+ 
+ [Regression Potential]
+ 
+ MOK keys may not be correctly read.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  New
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  In Progress
Status in linux-meta-azure source package in Kinetic:
  New
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  In Progress
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  [Fix]

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality 

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Luca Boccassi]

There's no specific log to share, I've downloaded the kconfig for the
kvm flavour from the linux-
buildinfo-6.2.0-1003-kvm_6.2.0-1003.3_amd64.deb package, extracted
usr/lib/linux/6.2.0-1003-kvm/config and checked for these kconfigs, and
they are not present:

$ grep DM_VERITY config
# CONFIG_DM_VERITY is not set
$ grep IMA_ARCH config
$

** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  In Progress
Status in linux-meta-azure package in Ubuntu:
  Invalid
Status in linux-meta-kvm package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  In Progress
Status in linux-meta-azure source package in Jammy:
  New
Status in linux-meta-kvm source package in Jammy:
  New
Status in linux source package in Kinetic:
  New
Status in linux-meta-azure source package in Kinetic:
  New
Status in linux-meta-kvm source package in Kinetic:
  New
Status in linux source package in Lunar:
  New
Status in linux-meta-azure source package in Lunar:
  New
Status in linux-meta-kvm source package in Lunar:
  New
Status in linux source package in Mantic:
  In Progress
Status in linux-meta-azure source package in Mantic:
  Invalid
Status in linux-meta-kvm source package in Mantic:
  Invalid

Bug description:
  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Christian Ehrhardt ]

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux package in Ubuntu:
  New
Status in linux-meta-azure package in Ubuntu:
  New
Status in linux-meta-kvm package in Ubuntu:
  New

Bug description:
  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2019040] Re: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

[Luca Boccassi]

** Summary changed:

- linux-kvm: please enable dm-verity kconfigs
+ linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images

** Also affects: linux-meta-azure (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040

Title:
  linux-*: please enable dm-verity kconfigs to allow MoK/db verified
  root images

Status in linux-meta-azure package in Ubuntu:
  New
Status in linux-meta-kvm package in Ubuntu:
  New

Bug description:
  The kvm flavours currently do not enable dm-verity. This stops us from
  using integrity protected and verified images in VMs using this kernel
  flavour.

  Please consider enabling the following kconfigs:

  CONFIG_DM_VERITY
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
  CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
  CONFIG_IMA_ARCH_POLICY

  (The latter is needed to ensure that MoK keys can be used to verify
  dm-verity images too, via the machine keyring linked to the secondary
  keyring)

  These are already enabled in the 'main' kernel config, and in other
  distros.

  As a specific and explicit use case, in the systemd project we want to
  test functionality provided by systemd that needs these kconfigs on
  Ubuntu machines running the kvm flavour kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta-azure/+bug/2019040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp