Public bug reported: [Impact]
* 2.06 grub + linuxefi patches submit kernel.efi for validation twice. Once via shim-lock protocol, and again directly. * this results in duplicate measurements for vmlinuz on classic and kernel.efi on core and breaks measured & attested boot. [Test Plan] * Boot classic & core systems with this grub and decode pcr measurements using https://github.com/canonical/tcglog-parser which should only show a single measurement for the kernels. [Where problems could occur] * People relying on measured/attested boot using pre-release jammy grub will experience a change of measurements, which is now becomming stable relative to focal once again. ** Affects: grub2 (Ubuntu) Importance: Undecided Status: New ** Affects: grub2 (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: grub2 (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: grub2 (Ubuntu Jammy) Milestone: None => ubuntu-22.04 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1964943 Title: Do not validate kernels twice To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1964943/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
