Missing measurements on confidential computing platforms (Intel TDX)
Bug #2069232 reported by
Hector CAO
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| The Kobuk project |
Confirmed
|
Medium
|
Hector CAO | ||
| grub |
Unknown
|
Unknown
|
|||
| grub2-signed (Ubuntu) |
New
|
Undecided
|
Mate Kukri | ||
| grub2-unsigned (Ubuntu) |
Confirmed
|
Undecided
|
Mate Kukri | ||
Bug Description
When we run a Confidential VM with grub bootlodaer on Intel TDX platform, the module tpm is not loaded and boot measurements are not done for the guest VM.
This bug will prevent grub of doing measurements on confidential computing platform
(the bug has been confirmed on Intel TDX). This lack of measurements will break the
remote attestation
See upstream bug : https:/
Upstream fix : https:/
| Changed in grub2 (Ubuntu): | |
| status: | New → Confirmed |
| assignee: | nobody → Hector CAO (hectorcao) |
| Changed in kobuk: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| assignee: | nobody → Hector CAO (hectorcao) |
Revision history for this message
| Julian Andres Klode (juliank) wrote | #1 |
| affects: | grub2 (Ubuntu) → grub2-unsigned (Ubuntu) |
Revision history for this message
| Mate Kukri (mkukri) wrote | #2 |
| Changed in grub2-unsigned (Ubuntu): | |
| assignee: | Hector CAO (hectorcao) → Mate Kukri (mkukri) |
| Changed in grub2-signed (Ubuntu): | |
| assignee: | nobody → Mate Kukri (mkukri) |
Revision history for this message
| Hector CAO (hectorcao) wrote | #3 |
Revision history for this message
| Mate Kukri (mkukri) wrote | #4 |
To post a comment you must log in.
Reassigning to the correct package. This also needs a grub2-signed task.
We can pick this patch up or if you have experience working with a gbp-pq managed repository you could propose a merge for that. Either way, only the UEFI team can actually release any grub updates due to signing.