Comment 24 for bug 1980018

W McElderry (wmcelderry) wrote :

Hi All,

I've made a very rough-and-ready script that creates a Unified Kernel Image (thanks again to the Arch Wiki authors!) that mitigates (to some degree) the issue raised in the last post (and earlier by @vorlon).

https://github.com/wmcelderry/unified_kernel_image

I've tested it on my laptop and it works for me to capture the current kernel, initrd, cmdline etc. into one file that is then measured. I've done very brief testing that a new key is added and only automatically unlocked when booting that UKI. Seems to work, but I'll not be surprised if there are some important features that need to be added still.

It would be great if someone is willing to confirm it works for them, then I'll look at how to get these two components put into Ubuntu (I don't expect that'll be quick/easy!).

I'd not be surprised to find that there are more security issues that need to be addressed, but short of going full-on 'secure boot' (which I may still do in time), I doubt anything will be perfect. In short, it's another small step in the right direction.

Thanks!

Will.