> On Ubuntu 20.04, the binary_bios_measurements > do NOT contain the measurements for the kernel > binary and the kernel signer cert that is > typically measured by the shim.
It is my understanding that it is correct to not measure the certificate for the kernel: per the specs, because grub and the kernel are signed with keys that chain back to the same cert trusted by shim, this certificate should only be measured once. There were bugs in earlier versions of shim that have since been fixed. I do not recall if there were reasons to stop measuring the hash of the kernel, or to change where it is measured. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1929454 Title: Bios measurements do not contain measurements for the kernel binary and kernel signer cert. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1929454/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
