grub2 verify signed kernel exists or abort upgrade
Bug #1786491 reported by
Julian Andres Klode
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
grub2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
grub2-signed (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
grub2 should fail to install if no signed kernels exist
[Test case]
On a secure boot system:
* Install grub-efi-
* Install grub-efi-
On a non-secure-boot system:
* Install grub-efi-
[Regression potential]
Upgrades can break.
Changed in grub2-signed (Ubuntu Cosmic): | |
status: | New → Fix Released |
Changed in grub2 (Ubuntu Cosmic): | |
status: | New → Fix Released |
Changed in grub2-signed (Ubuntu Bionic): | |
status: | New → Triaged |
Changed in grub2 (Ubuntu Bionic): | |
status: | New → Triaged |
Changed in grub2-signed (Ubuntu Cosmic): | |
status: | Triaged → Fix Committed |
tags: | added: id-5acce45de43bb8c279b5bec8 |
Changed in grub2-signed (Ubuntu Bionic): | |
status: | Triaged → In Progress |
Changed in grub2 (Ubuntu Bionic): | |
status: | Triaged → In Progress |
description: | updated |
To post a comment you must log in.
grub2-signed in cosmic still runs the checking script too late (after grub-install instead of before), that needs to be fixed first.