Enable secure boot on linux-azure

Bug #1754042 reported by David Coronel on 2018-03-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
Undecided
Marcelo Cerri
Xenial
Undecided
Marcelo Cerri
Bionic
Undecided
Marcelo Cerri

Bug Description

Impact: linux-azure needs to add support for secure boot to support Hyper-V Generation 2 Virtual Machines.

Fix: UEFI support needs to be enabled for linux-azure and new signed package needs to be created it for that.

Testcase: After installing the new linux-azure kernel with UEFI support and the linux-signed-azure package on a gen2 azure instance or on a hyperv virtual machine with secure boot enabled, the user should be able to still boot normally and /proc/sys/kernel/secure_boot should have the value "1".

Marcelo Cerri (mhcerri) on 2018-03-07
description: updated
Changed in linux-azure (Ubuntu Xenial):
status: New → In Progress
assignee: nobody → Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Bionic):
assignee: nobody → Marcelo Cerri (mhcerri)
Marcelo Cerri (mhcerri) on 2018-03-07
Changed in linux-azure (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 4.13.0-1012.15

---------------
linux-azure (4.13.0-1012.15) xenial; urgency=medium

  * linux-azure: 4.13.0-1012.15 -proposed tracker (LP: #1751799)

  * Enable secure boot on linux-azure (LP: #1754042)
    - Revert "UBUNTU: [debian] azure: do not build uefi signed binary"

  * [Hyper-v] Set CONFIG_I2C_PIIX4 to "n" (LP: #1752999)
    - [Config] azure: CONFIG_I2C_PIIX4=n

  * [Hyper-V] Drivers: hv: vmbus: Fix ring buffer signaling (LP: #1748662)
    - Revert "UBUNTU: SAUCE: vmbus: fix performance regression"
    - Revert "UBUNTU: SAUCE: vmbus: simplify packet iterator"
    - Revert "UBUNTU: SAUCE: vmbus: don't need to check interrupt mask on read
      side"
    - SAUCE: hv: vmbus: Fix ring buffer signaling

  * [Hyper-V] set config: CONFIG_EDAC_DECODE_MCE=y (LP: #1751123)
    - [Config] azure: CONFIG_EDAC_DECODE_MCE=y

 -- Marcelo Henrique Cerri <email address hidden> Wed, 07 Mar 2018 13:37:00 -0300

Changed in linux-azure (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (73.0 KiB)

This bug was fixed in the package linux-azure - 4.15.0-1003.3

---------------
linux-azure (4.15.0-1003.3) bionic; urgency=medium

  * linux-azure: 4.15.0-1003.3 -proposed tracker (LP: #1757167)

  * Enable secure boot on linux-azure (LP: #1754042)
    - Revert "UBUNTU: [debian] azure: do not build uefi signed binary"

  * [Hyper-v] Set CONFIG_I2C_PIIX4 to "n" (LP: #1752999)
    - [Config] azure: CONFIG_I2C_PIIX4=n

  * [Hyper-V] set config: CONFIG_EDAC_DECODE_MCE=y (LP: #1751123)
    - [Config] azure: CONFIG_EDAC_DECODE_MCE=y

  * Miscellaneous Ubuntu changes
    - [Config] updateconfigs after rebase to Ubuntu-4.15.0-13.14
    - [Config] fix up retpoline abi files

  [ Ubuntu: 4.15.0-13.14 ]

  * linux: 4.15.0-13.14 -proposed tracker (LP: #1756408)
  * devpts: handle bind-mounts (LP: #1755857)
    - SAUCE: devpts: hoist out check for DEVPTS_SUPER_MAGIC
    - SAUCE: devpts: resolve devpts bind-mounts
    - SAUCE: devpts: comment devpts_mntget()
    - SAUCE: selftests: add devpts selftests
  * [bionic][arm64] d-i: add hisi_sas_v3_hw to scsi-modules (LP: #1756103)
    - d-i: add hisi_sas_v3_hw to scsi-modules
  * [Bionic][ARM64] enable ROCE and HNS3 driver support for hip08 SoC
    (LP: #1756097)
    - RDMA/hns: Refactor eq code for hip06
    - RDMA/hns: Add eq support of hip08
    - RDMA/hns: Add detailed comments for mb() call
    - RDMA/hns: Add rq inline data support for hip08 RoCE
    - RDMA/hns: Update the usage of sr_max and rr_max field
    - RDMA/hns: Set access flags of hip08 RoCE
    - RDMA/hns: Filter for zero length of sge in hip08 kernel mode
    - RDMA/hns: Fix QP state judgement before sending work requests
    - RDMA/hns: Assign dest_qp when deregistering mr
    - RDMA/hns: Fix endian problems around imm_data and rkey
    - RDMA/hns: Assign the correct value for tx_cqn
    - RDMA/hns: Create gsi qp in hip08
    - RDMA/hns: Add gsi qp support for modifying qp in hip08
    - RDMA/hns: Fill sq wqe context of ud type in hip08
    - RDMA/hns: Assign zero for pkey_index of wc in hip08
    - RDMA/hns: Update the verbs of polling for completion
    - RDMA/hns: Set the guid for hip08 RoCE device
    - net: hns3: Refactor of the reset interrupt handling logic
    - net: hns3: Add reset service task for handling reset requests
    - net: hns3: Refactors the requested reset & pending reset handling code
    - net: hns3: Add HNS3 VF IMP(Integrated Management Proc) cmd interface
    - net: hns3: Add mailbox support to VF driver
    - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support
    - net: hns3: Add HNS3 VF driver to kernel build framework
    - net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC
    - net: hns3: Add mailbox support to PF driver
    - net: hns3: Change PF to add ring-vect binding & resetQ to mailbox
    - net: hns3: Add mailbox interrupt handling to PF driver
    - net: hns3: add support to query tqps number
    - net: hns3: add support to modify tqps number
    - net: hns3: change the returned tqp number by ethtool -x
    - net: hns3: free the ring_data structrue when change tqps
    - net: hns3: get rss_size_max from configuration but not hardcode
    - net: hns3: add a mask initialization for ...

Changed in linux-azure (Ubuntu Bionic):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers