Comment 9 for bug 1711203

Ryan Harper (raharper) wrote : Re: [Bug 1711203] Re: Deployments fail when Secure Boot enabled

Rod,

Thanks for the follow-up.

> In some sense, if my analysis is correct, the problem is caused by Shim
> "tightening the screws" on Secure Boot policy; however, those changes
> are done for a reason (to improve security), so the solution should be
> to ensure that the GRUB versions MAAS and curtin deploy perform the
> checks that Shim wants, and that the kernels we install are signed.
>

Curtin/MAAS will install the linux-image-generic kernel for the specific
release unless otherwise specified by MAAS in their kernel config mapping.

If there is a specific kernel package that *should* be selected instead of
the linux-image-generic kernel then MAAS/Curtin need to know:

1) what is that package name
2) how to know when to use (1) instead of linux-image-generic

A quick search of apt-cache shows

linux-signed-image-< >

Which appears to be what we'd want to use in the Secure Boot path.
In one of the other bugs I believe I had asked how curtin or MAAS can
detect whether a platform is configured for SecureBoot, but I didn't see
a definitive answer.
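
One way an installer running on Linux could answer the detection question raised above, added here as an example (not code from curtin, MAAS or this bug thread): read the UEFI `SecureBoot` and `SetupMode` global variables through efivarfs. It assumes efivarfs is mounted at `/sys/firmware/efi/efivars`; the function names are hypothetical.

```python
import os

# GUID of the UEFI global variable namespace (defined by the UEFI spec).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Assumption: efivarfs is mounted at its usual location.
EFIVARS = "/sys/firmware/efi/efivars"


def parse_efivar_flag(raw):
    """An efivarfs file is a 4-byte attribute word followed by the data.
    SecureBoot and SetupMode each carry one data byte (0 or 1).
    Returns True/False, or None if the content is missing or too short."""
    if raw is None or len(raw) < 5:
        return None
    return raw[4] == 1


def read_efivar(name, efivars_dir=EFIVARS):
    """Return the raw bytes of a global EFI variable, or None if unreadable."""
    path = os.path.join(efivars_dir, "%s-%s" % (name, EFI_GLOBAL_GUID))
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return None


def secure_boot_state(efivars_dir=EFIVARS):
    """Return 'not-uefi', 'unknown', 'setup-mode', 'disabled' or 'enabled'."""
    if not os.path.isdir(efivars_dir):
        return "not-uefi"      # legacy BIOS boot, or no EFI runtime services
    enabled = parse_efivar_flag(read_efivar("SecureBoot", efivars_dir))
    if enabled is None:
        return "unknown"       # variable absent or unreadable: do not guess
    if enabled:
        return "enabled"       # firmware is enforcing signature checks
    # Not enforcing: distinguish "no platform key enrolled" from "switched off".
    if parse_efivar_flag(read_efivar("SetupMode", efivars_dir)):
        return "setup-mode"
    return "disabled"


if __name__ == "__main__":
    print(secure_boot_state())
```

An installer would choose the signed kernel and bootloader packages only when the result is `enabled`, and should treat `unknown` as a condition to log rather than as `disabled`.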