OEM Priority Project

  1. Bug #1939565
  2. Comment #6

Comment 6 for bug 1939565

Revision history for this message
Ivan Hu (ivan.hu) wrote :

Manually test with my UEFI develop kit(RainbowPass) platform by following procedures and cannot reproduce this issue.

1. install focal
2. update shim-signed to 1.40.6+15.4.0ubuntu7 and grub2 to 2.04-1ubuntu26.12
3. install mainline kernel(unsigned), https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.18/
4. check or create test kernel key
   * mkdir -p /var/lib/test_ker/
   * openssl genrsa -out /var/lib/test_ker/TestKer.priv 2048
   * openssl req -new -x509 -sha256 -subj '/CN=TestKer-key' -key /var/lib/test_ker/TestKer.priv -out /var/lib/test_ker/TestKer.pem
   * openssl x509 -in /var/lib/test_ker/TestKer.pem -inform PEM -out /var/lib/test_ker/TestKer.der -outform DER
5. signed kernel
  * sbsign --key /var/lib/test_ker/TestKer.priv --cert /var/lib/test_ker/TestKer.pem --output vmlinuz-5.8.18-05.0818-generic.signed vmlinuz-5.8.18-05.0818-generic
6. enroll mok key
 * mokutil --import Testker.der
7. reboot