In above logs zipl.conf is shown to be like this: root@t35lp36:~# cat /etc/zipl.conf [defaultboot] defaultmenu = menu secure=1
:menu target = /boot 1 = ubuntu 2 = old default = 1 prompt = 1 timeout = 10 However, for me, setting secure like that has never worked. Instead i had to set secure=1 on the ':menu' portion of the zipl.conf file, i.e. root@t35lp36:~# cat /etc/zipl.conf [defaultboot] defaultmenu = menu :menu target = /boot 1 = ubuntu 2 = old default = 1 prompt = 1 timeout = 10 secure=1 Can it be that this is leading to incorrect testing? Also I wanted to make sure you have the right kernel installed. Can you please doublecheck output for all of the below commands is the same for you? $ dpkg-query -W linux-image-5.4.0-12-generic linux-image-5.4.0-12-generic 5.4.0-12.15 $ sudo md5sum /boot/vmlinuz /boot/vmlinuz-5.4.0-12-generic 6e2c2d81d3fa1d50bd3b30f12085554b /boot/vmlinuz 6e2c2d81d3fa1d50bd3b30f12085554b /boot/vmlinuz-5.4.0-12-generic $ grep vmlinuz /var/lib/dpkg/info/linux-image-5.4.0-12-generic.md5sums 6e2c2d81d3fa1d50bd3b30f12085554b boot/vmlinuz-5.4.0-12-generic To double check that signature is present on /boot/vmlinuz you can use the extract-module-sig.pl from the linux source tree scripts directly and then run something like this: $ sudo perl linux/scripts/extract-module-sig.pl -d /boot/vmlinuz Read 8163896 bytes from module file Found magic number at 8163896 Found PKCS#7/CMS encapsulation Found 528 bytes of signature [3082020c06092a864886f70d010702a0] 0 0 2 0 0 528 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860531 Title: IPL on z15 always performed regardless of the secure-boot related settings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1860531/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
