[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
** Changed in: ubuntu-power-systems Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
This bug was fixed in the package linux - 5.4.0-24.28 --- linux (5.4.0-24.28) focal; urgency=medium * focal/linux: 5.4.0-24.28 -proposed tracker (LP: #1871939) * getitimer returns it_value=0 erroneously (LP: #1349028) - [Config] CONTEXT_TRACKING_FORCE policy should be unset * 12d1:1038 Dual-Role OTG device on non-HNP port - unable to enumerate USB device on port 1 (LP: #1047527) - [Config] USB_OTG_FSM policy not needed * Add DCPD backlight support for HP CML system (LP: #1871589) - SAUCE: drm/i915: Force DPCD backlight mode for HP CML 2020 system * Backlight brightness cannot be adjusted using keys (LP: #1860303) - SAUCE drm/i915: Force DPCD backlight mode for HP Spectre x360 Convertible 13t-aw100 * CVE-2020-11494 - slcan: Don't transmit uninitialized stack data in padding * Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot (LP: #1866909) - powerpc: Detect the secure boot mode of the system - powerpc/ima: Add support to initialize ima policy rules - powerpc: Detect the trusted boot state of the system - powerpc/ima: Define trusted boot policy - ima: Make process_buffer_measurement() generic - certs: Add wrapper function to check blacklisted binary hash - ima: Check against blacklisted hashes for files with modsig - powerpc/ima: Update ima arch policy to check for blacklist - powerpc/ima: Indicate kernel modules appended signatures are enforced - powerpc/powernv: Add OPAL API interface to access secure variable - powerpc: expose secure variables to userspace via sysfs - x86/efi: move common keyring handler functions to new file - powerpc: Load firmware trusted keys/hashes into kernel keyring - x86/efi: remove unused variables * [roce-0227]sync mainline kernel 5.6rc3 roce patchset into ubuntu HWE kernel branch (LP: #1864950) - RDMA/hns: Cleanups of magic numbers - RDMA/hns: Optimize eqe buffer allocation flow - RDMA/hns: Add the workqueue framework for flush cqe handler - RDMA/hns: Delayed flush cqe process with workqueue - RDMA/hns: fix spelling mistake: "attatch" -> "attach" - RDMA/hns: Initialize all fields of doorbells to zero - RDMA/hns: Treat revision HIP08_A as a special case - RDMA/hns: Use flush framework for the case in aeq - RDMA/hns: Stop doorbell update while qp state error - RDMA/hns: Optimize qp destroy flow - RDMA/hns: Optimize qp context create and destroy flow - RDMA/hns: Optimize qp number assign flow - RDMA/hns: Optimize qp buffer allocation flow - RDMA/hns: Optimize qp param setup flow - RDMA/hns: Optimize kernel qp wrid allocation flow - RDMA/hns: Optimize qp doorbell allocation flow - RDMA/hns: Check if depth of qp is 0 before configure * [hns3-0316]sync mainline kernel 5.6rc4 hns3 patchset into ubuntu HWE kernel branch (LP: #1867586) - net: hns3: modify an unsuitable print when setting unknown duplex to fibre - net: hns3: add enabled TC numbers and DWRR weight info in debugfs - net: hns3: add support for dump MAC ID and loopback status in debugfs - net: hns3: add missing help info for QS shaper in debugfs - net: hns3: fix some mixed type assignment - net: hns3: rename macro HCLGE_MAX_NCL_CONFIG_LENGTH - net: hns3: remove an unnecessary resetting check in hclge_handle_hw_ras_error() - net: hns3: delete some reduandant code - net: hns3: add a check before PF inform VF to reset - net: hns3: print out status register when VF receives unknown source interrupt - net: hns3: print out command code when dump fails in debugfs - net: hns3: synchronize some print relating to reset issue - net: hns3: delete unnecessary logs after kzalloc fails * [SRU][F/U/OEM-5.6] UBUNTU: SAUCE: Fix amdgpu hang during acpi event (LP: #1871316) - SAUCE: drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event * alsa: make the dmic detection align to the mainline kernel-5.6 (LP: #1871284) - ALSA: hda: add Intel DSP configuration / probe code - ALSA: hda: fix intel DSP config - ALSA: hda: Allow non-Intel device probe gracefully - ALSA: hda: More constifications - ALSA: hda: Rename back to dmic_detect option - [Config] SND_INTEL_DSP_CONFIG=m * add_key05 from ubuntu_ltp_syscalls failed (LP: #1869644) - KEYS: reaching the keys quotas correctly * Fix authentication fail on Realtek WiFi 8723de (LP: #1871300) - SAUCE: rtw88: No retry and report for auth and assoc - SAUCE: rtw88: fix rate for a while after being connected - SAUCE: rtw88: Move driver IQK to set channel before association for 11N chip * Add Mute LED support for an HP laptop (LP: #1871090) - ALSA: hda/realtek: Enable mute LED on an HP system * dscr_sysfs_test / futex_bench / tm-unavailable in powerpc from ubuntu_kernel_selftests timeout on PowerPC nodes with B-5.3 (LP: #1864642) - Revert "UBUNTU:
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
@naynjain thanks for the update. Could you raise a new bug for the additional patch "powerpc/ima: fix secure boot rules in ima arch policy"? This one will be closed once the original patchsets have progressed into the 20.04 5.4 kernel. Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
** Changed in: ubuntu-power-systems Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Thanks for testing. I've applied the patches to focal/master-next. ** Changed in: linux (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed ** Changed in: ubuntu-power-systems Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Test build is done now, in the same location. It has the above patch and also the updated patch from bug 1855668. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Oh but PPC_SECURE_BOOT depends on IMA_ARCH_POLICY. For now I'm going to make it depend on that or LOCK_DOWN_IN_SECURE_BOOT to get the test build going. I think this makes sense because lockdown enforces signatures for module loading and kexec (plus a number of other restrictions), which I think is all the IMA arch policy is enforcing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Um, off rather. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
I'll get a test kernel uploaded with IMA_ARCH_POLICY up, will let you know when it's ready for testing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Afaict the ppc ima arch policy is about ensuring that signature verification is done for module loading and kexec, which in our kernel will be enforced by automatically turning on lockdown integrity mode under secure boot. So my conclusion is that CONFIG_MODULE_SIG_FORCE should stay off and CONFIG_IMA_ARCH_POLICY should be disabled. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
I'm suddenly having a major sense of deja vu about this. I think we hit very similar issues on x86, and after discussions with Mimi we decided that CONFIG_IMA_ARCH_POLICY should be disabled for us. I think this may be the right solution here too. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Our policy is to require module signatures only under lockdown. CONFIG_MODULE_SIG_FORCE requires modules to be signed unconditionally, which makes dkms impossible on systems which have no mechanism for importing keys from firmware. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
If we understood you correctly you want to have CONFIG_MODULE_SIG_FORCE set (for Power only) - so we are considering that ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Yes, I had a quick look at the sources MODULE_SIG_FORCE is currently unset for
all architectures:
annotations:CONFIG_MODULE_SIG_FORCE policy<{'amd64':
'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 'riscv64': 'n',
's390x': 'n'}>
config.common.ubuntu:# CONFIG_MODULE_SIG_FORCE is not set
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1866909
Title:
Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Build is done now, version 5.4.0-21.25+lp1866909v202004020814 in https://launchpad.net/~sforshee/+archive/ubuntu/lp1866909/+packages. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Note that it is still building, should be ready in a few hours. I'll post an update when it is done. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Yes, Seth was so kind to already trigger a new build - it has the config ootions in (and I think also the patches from LP 1855668, comment #19 and #10). If you refresh https://launchpad.net/~sforshee/+archive/ubuntu/lp1866909 you should now see the newer version: 5.4.0-21.25+lp1866909v202004020814 (time stamp April 2nd) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
The test/dev key that was used to sign the kernel from this PPA is itself also
part of the PPA.
Find the PPA archive URL (aka 'deb-line') by browsing the landing page of this
PPA:
https://launchpad.net/~sforshee/+archive/ubuntu/lp1866909
The URL ('deb-line') is: http://ppa.launchpad.net/sforshee/lp1866909/ubuntu
and follow that via '/dists/focal/main/signed/linux-ppc64el/current/' and you
will find the key here (incl. checksum):
http://ppa.launchpad.net/sforshee/lp1866909/ubuntu/dists/focal/main/signed/linux-ppc64el/current/
The key file itself is:
http://ppa.launchpad.net/sforshee/lp1866909/ubuntu/dists/focal/main/signed/linux-ppc64el/current/signed.tar.gz
(extract for example with 'tar xf')
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1866909
Title:
Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
The kernel team was so kind to create a test kernel in this PPA: https://launchpad.net/~sforshee/+archive/ubuntu/lp1866909 Please give it a thoroughly test on short notice! Thank you -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Hi Nayna, we talked about that with Michael Ranweiler in a call today. And we will also discuss with the Canonical kernel team about the options that exist - stay tuned. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
** Changed in: ubuntu-power-systems Assignee: (unassigned) => Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) ** Changed in: linux (Ubuntu) Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) => Canonical Kernel Team (canonical-kernel-team) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
"May I ask the kernel version that Ubuntu will be using for 20.04 ?" I see this getting asked a lot on both Power and Z tickets, I thought Ubuntu communicated way back in November 2019 to everyone that we will ship linux-generic in 20.04 based on v5.4 kernel. Is this not been clear? or are there any teams working on Power or Z that need this reiterated? Where should this be communicated, such that it no longer is a question? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
That is a significant list for patches - are they all > 5.4? (I'll look them up ...) Ubuntu Server 20.04 will be shipped with a kernel 5.4 - and beta is planned to be released on April 2nd (so next Thursday) - things are largely freezed already. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
When I earlier looked-up the commits listed here in the bug description via their 'commit name', I found some but not all of them. (I prefer looking up commits via it's name rather than via their hash, since depending on the git tree they come from [upstream, ubuntu, etc.] hashes can be different). It turned out that some of the descriptions next to the hashes above are the xact descriptions, other are not. Doing another lookup in the focal master tree - now with the exact names - I was able to find the additional 5 commits: $ git log --oneline --grep "ima: add support for arch specific policies" 6191706246de ima: add support for arch specific policies $ git log --oneline --grep "ima: Implement support for module-style appended signatures" 39b07096364a ima: Implement support for module-style appended signatures $ git log --oneline --grep "tpm: enhance TPM 2.0 PCR extend to support multiple banks" c1f92b4b04ad tpm: enhance TPM 2.0 PCR extend to support multiple banks $ git log --oneline --grep "tpm: add securityfs support for TPM 2.0 firmware event log" 4d23cc323cdb tpm: add securityfs support for TPM 2.0 firmware event log $ git log --oneline --grep "powerpc: Enable CONFIG_KEXEC_FILE in powerpc server defconfigs." 500c7ab1a9db powerpc: Enable CONFIG_KEXEC_FILE in powerpc server defconfigs. May I ask about the status of the two commits marked at tbd? Are they ready, ideally already upstream / in 'linux-next'? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
I had a first glimpse at the patches/commits, and found out that: The following commits are already in 'focal' aka 20.04 (even in master, hence they are in the current focal kernel): 8c655784e2cf "integrity: Define a trusted platform keyring" f218a29c25ad "ima: Support platform keyring for kernel appraisal" 467d27824920 "ima: carry the measurement list across kexec" So these can be considered as done. The following commits are yet neither in the linux tree, nor in linux-next: "ima: arch specific policy support" "Appended signatures support for IMA appraisal" "TPM 2.0 Multibank extend support" "TPM 2.0 Eventlog support" "kexec_file_load system call support" I assume they are currently on a staging tree?! And the two TBDs are not ready, yet, but probably in the works. Please notice that the patches need to be upstream (accepted) for Canonical to be able to pick them up. And they need to apply cleanly on top of the target kernel's master-next tree (in this case 'focal' master-next): git clone https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal --branch master-next --single-branch focal-master-next Due to the fact that there seems to be still some work needed, and because the patches look pretty significant and touch common-code and that we are already quite late in the 'focal' development cycle, I'm not sure if it will be possible to get them into the initial release version of 20.04. But at the end it depends on the (upstream) availability and the Canonical kernel team. As soon as all commits/patches are available and apply cleanly, I'll submit a request to the Canonical kernel team's mailing list and a decision will finally be made by the kernel team. For now I'm setting the status to Incomplete. ** Changed in: linux (Ubuntu) Status: New => Incomplete ** Changed in: ubuntu-power-systems Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1866909] Re: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
** Package changed: kernel-package (Ubuntu) => linux (Ubuntu) ** Also affects: ubuntu-power-systems Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
