This bug was fixed in the package grub2-signed - 1.93.4
---
grub2-signed (1.93.4) bionic; urgency=medium
* Rebuild against grub2 2.02-2ubuntu8.3 and check kernel is signed on
amd64 EFI before installing grub (LP: #1786491).
-- Julian Andres Klode Mon, 13 Aug 2018 12:51:32
This bug was fixed in the package grub2 - 2.02-2ubuntu8.3
---
grub2 (2.02-2ubuntu8.3) bionic; urgency=medium
* Verify that the current and newer kernels are signed when grub is updated,
to
make sure people do not accidentally shutdown without a signed kernel.
(LP:
Installed -ubuntu8.3 / signed 1.93.4 from proposed and ran some tests. I
fixed the script to use a different dir instead of
/sys/firmware/efi/efivars and created deleted the flags for secure boot
in there, as I could not get my container to read from the original dir,
even after bind mounting mock
Hello Julian, or anyone else affected,
Accepted grub2-signed into bionic-proposed. The package will build now
and be available at
https://launchpad.net/ubuntu/+source/grub2-signed/1.93.4 in a few hours,
and then in the -proposed repository.
Please help us by testing this new package. See
Hello Julian, or anyone else affected,
Accepted grub2 into bionic-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/grub2/2.02-2ubuntu8.3
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Description changed:
[Impact]
grub2 should fail to install if no signed kernels exist
[Test case]
- TODO
+ On a secure boot system:
+ * Install grub-efi-amd64{,signed} and signed kernel => installs
+ * Install grub-efi-amd64{,signed} and only unsigned kernel => prevents
+ On a
** Changed in: grub2-signed (Ubuntu Bionic)
Status: Triaged => In Progress
** Changed in: grub2 (Ubuntu Bionic)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags added: id-5acce45de43bb8c279b5bec8
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786491
Title:
grub2 verify signed kernel exists or abort upgrade
To manage notifications about this bug go
This bug was fixed in the package grub2-signed - 1.102
---
grub2-signed (1.102) cosmic; urgency=medium
* Call grub-check-signatures before calling grub-install, not after, to
avoid overwriting the boot loader on disk with one that will fail to
load. LP: #1786491.
--
** Changed in: grub2-signed (Ubuntu Cosmic)
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786491
Title:
grub2 verify signed kernel exists or abort upgrade
grub2-signed in cosmic still runs the checking script too late (after
grub-install instead of before), that needs to be fixed first.
** Changed in: grub2-signed (Ubuntu Cosmic)
Status: Fix Released => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs,
11 matches
Mail list logo