------- Comment From naynj...@ibm.com 2020-04-02 21:53 EDT-------
The kernel seems to have the secure boot functions after enabling those CONFIGs. Now, I was trying to boot to this kernel when secure boot is enabled.

I have taken the key from here - ppa.launchpad.net/sforshee/lp1866909/ubuntu/dists/focal/main/signed/linux-ppc64el/current/signed.tar.gz

I have taken opal.x509 in the control directory as the key.

The secure boot is enabled ("os-secure-enforcing") and .platform has loaded the key.

    # cd /proc/device-tree/ibm,secureboot/
    # ls
    compatible        ibm,cvc                  phandle
    hw-key-hash       name                     secure-enabled
    hw-key-hash-size  os-secureboot-enforcing  trusted-enabled

    # keyctl show %keyring:.platform
    Keyring
     337432176 ---lswrv      0     0  keyring: .platform
     471022331 ---lswrv      0     0   \_ asymmetric: DB: e6b84e62dbbd988abbfda008355aa6a08001c58c

However, it seems the verification is failing, as shown below:

    # kexec -s /var/petitboot/mnt/dev/sdb6/boot/vmlinux-5.4.0-21-generic
    file_load failed: Permission denied

I have two questions:

* I hope the key is right.
* I hope the signature is not stored as a detached file, because that is how I saw it in - ppa.launchpad.net/sforshee/lp1866909/ubuntu/dists/focal/main/signed/linux-ppc64el/current/signed.tar.gz. Please confirm.

I will continue to look at it more.

--
https://bugs.launchpad.net/bugs/1866909

Title:
  Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
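
Added example, not part of the original comment or of the Ubuntu kernel packaging: a Python check for whether a kernel image carries a signature appended to the file rather than shipped as a detached file. It assumes the image is expected to use the Linux appended module-signature layout (signature blob, 12-byte `struct module_signature`, then a fixed marker string); the helper names and the sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"~Module signature appended~\n"  # trailer marker from the kernel's module_signature.h
PKEY_ID_PKCS7 = 2                          # id_type value meaning "PKCS#7 signature blob"
HDR = struct.Struct(">BBBBB3xI")           # struct module_signature; sig_len is big-endian


def appended_signature(image: bytes):
    """Describe a trailing appended signature, or return None if absent or malformed."""
    if not image.endswith(MAGIC):
        return None                        # unsigned, or the signature lives in a detached file
    end = len(image) - len(MAGIC)
    if end < HDR.size:
        return None                        # marker present but no room for the header
    algo, hash_, id_type, signer_len, key_id_len, sig_len = HDR.unpack_from(
        image, end - HDR.size)
    sig_start = end - HDR.size - sig_len
    if sig_len == 0 or sig_start < 0:
        return None                        # length field points outside the file
    # For a PKCS#7 signature the kernel expects every other header field to be zero.
    well_formed = (id_type == PKEY_ID_PKCS7
                   and (algo, hash_, signer_len, key_id_len) == (0, 0, 0, 0))
    sig = image[sig_start:sig_start + sig_len]
    return {
        "payload_len": sig_start,          # size of the kernel image proper
        "sig_len": sig_len,
        "id_type": id_type,
        "well_formed": well_formed,
        "der_sequence": sig[:1] == b"\x30",  # PKCS#7 is DER and starts with a SEQUENCE tag
    }


def constructed_sample(payload: bytes, sig: bytes) -> bytes:
    """Build a constructed test image: payload + placeholder signature + header + marker."""
    return payload + sig + HDR.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(sig)) + MAGIC


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                  # path to a vmlinux file to inspect
        with open(sys.argv[1], "rb") as f:
            print(appended_signature(f.read()))
    else:                                  # constructed bytes, not a real kernel or signature
        print(appended_signature(
            constructed_sample(b"\x7fELF" + b"\0" * 60, b"\x30\x82" + b"A" * 30)))
```

A `None` result means the file ends without the marker, so any signature for it must be stored separately; a populated result only shows the trailer is structurally present, not that it verifies against the key in `.platform`.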