[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-07-27 Thread Frank Heimes
** Changed in: ubuntu-power-systems Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1877955 Title: Fix for secure boot rules in IMA arch

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-07-27 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.4.0-42.46 --- linux (5.4.0-42.46) focal; urgency=medium * focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069) * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668) - SAUCE: Revert "netprio_cgroup: Fix

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-07-01 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.4.0-40.44 --- linux (5.4.0-40.44) focal; urgency=medium * linux-oem-5.6-tools-common and -tools-host should be dropped (LP: #1881120) - [Packaging] Add Conflicts/Replaces to remove linux-oem-5.6-tools-common and -tools-host

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-06-17 Thread Frank Heimes
Great, many thx for the verification! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1877955 Title: Fix for secure boot rules in IMA arch policy on powerpc Status in The

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-06-17 Thread bugproxy
--- Comment From naynj...@ibm.com 2020-06-17 11:42 EDT--- Thanks !! This is exactly what I needed. I am now able to boot the signed kernel both in "secure and trusted enabled" and "only secure enabled" case. The earlier patch was missing the fix for "only secure enabled" case. This patch

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-06-17 Thread Frank Heimes
So in general the key should be part of the firmware, in case of a standard IBM Power system, that is shipped to customers with secureboot support, A kernel from proposed is part of the official Ubuntu archive and with that signed with the standard production key. But that might be different in

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-06-16 Thread Dimitri John Ledkov
Hi, Each signed object is published on in the repository under /$suite/main/signed/$src-$arch. I.e. the linux in focal proposed signed artefacts can be found at: http://ports.ubuntu.com/dists/focal-proposed/main/signed/linux-ppc64el/ I.e.

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-06-16 Thread Frank Heimes
Hi, since 'proposed' belongs to the official archives (archive.ubuntu.com/ubuntu) and packages from proposed are just located in a special area there (we call it the proposed 'pocket'), kernels and other packages from there that are signed, are signed with the standard and common key. Only a

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-06-10 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- focal' to 'verification-done-focal'. If the problem still exists, change the tag

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-06-04 Thread Frank Heimes
** Changed in: ubuntu-power-systems Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1877955 Title: Fix for secure boot rules in IMA arch

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-06-04 Thread Khaled El Mously
** Changed in: linux (Ubuntu Focal) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1877955 Title: Fix for secure boot rules in IMA arch

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-06-03 Thread Frank Heimes
** Also affects: linux (Ubuntu Groovy) Importance: Undecided Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) Status: In Progress ** Also affects: linux (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Focal)

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-05-29 Thread Frank Heimes
Kernel SRU request submitted: https://lists.ubuntu.com/archives/kernel-team/2020-May/thread.html#110532 Updating status to 'In Progress'. ** Changed in: linux (Ubuntu) Status: Triaged => In Progress ** Changed in: ubuntu-power-systems Status: Triaged => In Progress -- You

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-05-29 Thread Frank Heimes
SRU stands for "Stable Release Update" and describes the process that is needed to get a patch (or patches) to fix critical issues into components that are part of an Ubuntu version that is already released (post GA). The process for packages (https://wiki.ubuntu.com/StableReleaseUpdates) is

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-05-29 Thread Frank Heimes
** Description changed: SRU Justification: == [Impact] * Currently the kernel module appended signature is verified twice (finit_module) - once by the module_sig_check() and again by IMA. * To prevent this the powerpc secure boot rules define an IMA

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-05-29 Thread Frank Heimes
** Description changed: + SRU Justification: + == + + [Impact] + + * A qeth device on a DPM-managed (HMC) IBM Z machine does not obtain its + MAC address for layer2 OSD interfaces from the OSA Network Adapter, + instead it uses a random MAC address. + + * This can cause

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-05-28 Thread Frank Heimes
I had another look at the entire thread at lore.kernel.org: https://lore.kernel.org/linux-integrity/1588342612-14532-1-git-send-email-na...@linux.ibm.com/T/#u and think patch "powerpc/ima: Fix secure boot rules in ima arch policy" is the one that fixes 'powerpc/ima: fix secure boot rules in ima

[Kernel-packages] [Bug 1877955] Re: Fix for secure boot rules in IMA arch policy on powerpc

2020-05-11 Thread Frank Heimes
Thx for creating this separate bug. I just need to set it to Incomplete until the patch got upstream accepted and is available for example from 'linux-next' (which is not yet the case, but probably soon). In preparation for the SRU process I changed the bug title. ** Summary changed: -