Missing measurements on confidential computing platforms (Intel TDX)
Bug #2069232 reported by
Hector CAO
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
The Kobuk project |
Confirmed
|
Medium
|
Hector CAO | ||
grub |
Unknown
|
Unknown
|
|||
grub2-signed (Ubuntu) |
New
|
Undecided
|
Mate Kukri | ||
grub2-unsigned (Ubuntu) |
Fix Released
|
Undecided
|
Mate Kukri |
Bug Description
When we run a Confidential VM with grub bootlodaer on Intel TDX platform, the module tpm is not loaded and boot measurements are not done for the guest VM.
This bug will prevent grub of doing measurements on confidential computing platform
(the bug has been confirmed on Intel TDX). This lack of measurements will break the
remote attestation
See upstream bug : https:/
Upstream fix : https:/
Changed in grub2 (Ubuntu): | |
status: | New → Confirmed |
assignee: | nobody → Hector CAO (hectorcao) |
Changed in kobuk: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
assignee: | nobody → Hector CAO (hectorcao) |
To post a comment you must log in.
Reassigning to the correct package. This also needs a grub2-signed task.
We can pick this patch up or if you have experience working with a gbp-pq managed repository you could propose a merge for that. Either way, only the UEFI team can actually release any grub updates due to signing.