load with kernel vmlinuz-6.5.0-4-generic
- without secure boot enable
- without adding the signature
IPB received.
IPB sent.
System version 9.
Watchdog enabled.
Running 'ZBootLoader' version '3.2.2' level 'D51C.D51C_328.16'.
--- Audit message summary start ---
MLOLOA62693210 Audit: Signature verification failure for component 3 in program
0 loaded from device HBA:0.0.1900,WWPN:500507630710572C,LUN:4020404E00000000.
--- Audit message summary end ---
OK00000000 Success
load with kernel vmlinuz-6.5.0-4-generic
- with secure boot enable
- without adding the signature
IPB received.
IPB sent.
System version 9.
Watchdog enabled.
Running 'ZBootLoader' version '3.2.2' level 'D51C.D51C_328.16'.
--- Audit message summary start ---
MLOLOA62693210 Audit: Signature verification failure for component 3 in program
0 loaded from device HBA:0.0.1900,WWPN:500507630710572C,LUN:4020404E00000000.
--- Audit message summary end ---
MLOLOA6269321F A security violation error was encountered when loading from devi
ce HBA:0.0.1900,WWPN:500507630710572C,LUN:4020404E00000000.
IPL failed (110).
load with kernel vmlinuz-6.5.0-4-generic
- with secure boot enable
- with adding the signature
IPB received.
IPB sent.
System version 9.
Watchdog enabled.
Running 'ZBootLoader' version '3.2.2' level 'D51C.D51C_328.16'.
--- Audit message summary start ---
MLOLOA62693210 Audit: Signature verification failure for component 3 in program
0 loaded from device HBA:0.0.1900,WWPN:500507630710572C,LUN:4020404E00000000.
--- Audit message summary end ---
MLOLOA6269321F A security violation error was encountered when loading from devi
ce HBA:0.0.1900,WWPN:500507630710572C,LUN:4020404E00000000.
IPL failed (110).
==> boot with secure boot enable and adding the certificate still didn't work
we used this Certificate:
openssl x509 -text -in sipl.x509
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a1:b6:a0:75:09:df:f4:18
Signature Algorithm: sha512WithRSAEncryption
Issuer: CN = PPA canonical-kernel-team unstable SIPL
Validity
Not Before: Aug 23 20:47:25 2019 GMT
Not After : Aug 20 20:47:25 2029 GMT
Subject: CN = PPA canonical-kernel-team unstable SIPL
...
...
------- Comment From <email address hidden> 2023-08-17 03:32 EDT------- kernel- team/unstable: CODENAME= mantic ipl/*sec* ipl/has_ secure: 1 ipl/secure: 0 img-6.5. 0-4-generic 6.5.0-4- generic
we installed from ppa:canonical-
# cat /etc/os-release
PRETTY_NAME="Ubuntu Mantic Minotaur (development branch)"
NAME="Ubuntu"
VERSION_ID="23.10"
VERSION="23.10 (Mantic Minotaur)"
VERSION_
...
...
# uname -r
6.5.0-4-generic
# grep [0-9] /sys/firmware/
/sys/firmware/
/sys/firmware/
# ls -l /boot/vmlinuz /boot/initrd.img
lrwxrwxrwx 1 root root 26 Aug 15 09:19 /boot/initrd.img -> initrd.
lrwxrwxrwx 1 root root 23 Aug 15 09:19 /boot/vmlinuz -> vmlinuz-
load with kernel vmlinuz- 6.5.0-4- generic
- without secure boot enable
- without adding the signature
IPB received. 1900,WWPN: 500507630710572 C,LUN:4020404E0 0000000.
IPB sent.
System version 9.
Watchdog enabled.
Running 'ZBootLoader' version '3.2.2' level 'D51C.D51C_328.16'.
--- Audit message summary start ---
MLOLOA62693210 Audit: Signature verification failure for component 3 in program
0 loaded from device HBA:0.0.
--- Audit message summary end ---
OK00000000 Success
load with kernel vmlinuz- 6.5.0-4- generic
- with secure boot enable
- without adding the signature
IPB received. 1900,WWPN: 500507630710572 C,LUN:4020404E0 0000000. 1900,WWPN: 500507630710572 C,LUN:4020404E0 0000000.
IPB sent.
System version 9.
Watchdog enabled.
Running 'ZBootLoader' version '3.2.2' level 'D51C.D51C_328.16'.
--- Audit message summary start ---
MLOLOA62693210 Audit: Signature verification failure for component 3 in program
0 loaded from device HBA:0.0.
--- Audit message summary end ---
MLOLOA6269321F A security violation error was encountered when loading from devi
ce HBA:0.0.
IPL failed (110).
load with kernel vmlinuz- 6.5.0-4- generic
- with secure boot enable
- with adding the signature
IPB received. 1900,WWPN: 500507630710572 C,LUN:4020404E0 0000000. 1900,WWPN: 500507630710572 C,LUN:4020404E0 0000000.
IPB sent.
System version 9.
Watchdog enabled.
Running 'ZBootLoader' version '3.2.2' level 'D51C.D51C_328.16'.
--- Audit message summary start ---
MLOLOA62693210 Audit: Signature verification failure for component 3 in program
0 loaded from device HBA:0.0.
--- Audit message summary end ---
MLOLOA6269321F A security violation error was encountered when loading from devi
ce HBA:0.0.
IPL failed (110).
==> boot with secure boot enable and adding the certificate still didn't work
we used this Certificate: 75:09:df: f4:18 cryption kernel- team unstable SIPL kernel- team unstable SIPL
openssl x509 -text -in sipl.x509
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a1:b6:a0:
Signature Algorithm: sha512WithRSAEn
Issuer: CN = PPA canonical-
Validity
Not Before: Aug 23 20:47:25 2019 GMT
Not After : Aug 20 20:47:25 2029 GMT
Subject: CN = PPA canonical-
...
...
this was tested on our Z16 machine