** Description changed: + [Impact] + Validating signature using sbsigntool for EFI binaries on Precise. + + [Test case] + 1) pull-lp-source shim-signed + 2) sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed + + [Regression potential] + This is dependent on the date of the system being correct -- wrong date may cause an unexpected success or failure of the test case. + + --- + UEFI shim verification fails (PKCS7 verification failed) with the images of 20131003 against the microsoft-uefica-public. keys present in http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/files/head:/notes_testing/secure-boot/keys/ The following is the failure results (http://bazaar.launchpad.net/~utah/utah/dev/view/head:/utah/isotest/iso_static_validation.py) DEBUG: Using iso at: /tmp/utah-saucy-server-amd64.iso INFO: Preparing image: /tmp/utah-saucy-server-amd64.iso INFO: /tmp/utah-saucy-server-amd64.iso is locally available as /tmp/utah-saucy-server-amd64.iso INFO: Getting image type of /tmp/utah-saucy-server-amd64.iso DEBUG: bsdtar list command: bsdtar -t -f /tmp/utah-saucy-server-amd64.iso INFO: Image type is: server DEBUG: Using normal image DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-server-amd64.iso ./.disk/info DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-server-amd64.iso -O .disk/info INFO: Arch is: amd64 INFO: Series is saucy DEBUG: Standard name for this iso is: saucy-server-amd64.iso DEBUG: Generating verification certificates DEBUG: Extracting UEFI boot and kernel images DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-server-amd64.iso ./EFI/BOOT/BOOTx64.EFI DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-server-amd64.iso -O EFI/BOOT/BOOTx64.EFI DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-server-amd64.iso ./EFI/BOOT/grubx64.efi DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-server-amd64.iso -O EFI/BOOT/grubx64.efi DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-server-amd64.iso ./install/vmlinuz DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-server-amd64.iso -O install/vmlinuz DEBUG: Verifying UEFI shim ERROR: test_efi_secure_boot_signatures (__main__.TestValidateISO) ERROR: Traceback (most recent call last): - File "/usr/lib/python2.7/unittest/case.py", line 327, in run - testMethod() - File "/usr/share/utah/isotest/iso_static_validation.py", line 481, in test_efi_secure_boot_signatures - self.assertEqual(stdout, 'Signature verification OK\n') - File "/usr/lib/python2.7/unittest/case.py", line 511, in assertEqual - assertion_func(first, second, msg=msg) - File "/usr/lib/python2.7/unittest/case.py", line 504, in _baseAssertEqual - raise self.failureException(msg) + File "/usr/lib/python2.7/unittest/case.py", line 327, in run + testMethod() + File "/usr/share/utah/isotest/iso_static_validation.py", line 481, in test_efi_secure_boot_signatures + self.assertEqual(stdout, 'Signature verification OK\n') + File "/usr/lib/python2.7/unittest/case.py", line 511, in assertEqual + assertion_func(first, second, msg=msg) + File "/usr/lib/python2.7/unittest/case.py", line 504, in _baseAssertEqual + raise self.failureException(msg) AssertionError: 'PKCS7 verification failed\nSignature verification failed\n' != 'Signature verification OK\n'
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1234649 Title: UEFI shim verification against microsoft-uefica-public.pem fails with 20131003 saucy images To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1234649/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
