------- Comment From [email protected] 2020-12-17 23:45 EDT------- Squeezing in right before the end of the year! I tested this with my pseries secure boot setup. I built the key from the PPA into grub and signed grub with the testing key which I built into SLOF.
I was then able to boot 5.10.0-9-generic in secure boot mode under P8 KVM. The kernel correctly detected secure boot mode and entered lockdown: [ 0.000000] Secure boot mode enabled [ 0.000000] Kernel is locked down from PowerNV Secure Boot mode; see man kernel_lockdown.7 (The text is a bit of a misnomer, but that's of no consequence.) Lockdown appears to work as expected, I can't open /dev/mem for example. Given LP: #1903288 / BZ 189099, I didn't test kexec. In summary, I don't see anything from booting with secure boot on or off that would prevent you promoting 5.10 for hirsute. Enjoy your end of year break! Kind regards, Daniel -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1904906 Title: 5.10 kernel fails to boot with secure boot disabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1904906/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
