Comment 25 for bug 1696154

Thanks For Catching/Noticing and making repairs an adjustments

On Mon, Apr 23, 2018, 10:51 AM Launchpad Bug Tracker <
<email address hidden>> wrote:

> ** Branch linked: lp:~ubuntu-core-dev/debian-installer/ubuntu
>
> --
> You received this bug notification because you are subscribed to
> Launchpad itself.
> Matching subscriptions: Anthony
> https://bugs.launchpad.net/bugs/1696154
>
> Title:
> [18.04 FEAT] Sign POWER host/NV kernels
>
> Status in Launchpad itself:
> Fix Released
> Status in The Ubuntu-power-systems project:
> Fix Committed
> Status in linux package in Ubuntu:
> Fix Committed
> Status in linux-signed package in Ubuntu:
> Fix Committed
>
> Bug description:
> Feature Description:
>
> Sign POWER host and NV kernels with sign-file in anticipation of POWER
> secure boot. Provide the associated certificate. Ideally it would
> be possible to reuse the UEFI shim private key and certificate used to
> sign and verify x86_64 kernels. More details to follow. Guest
> kernels will be addressed in a future separate feature request.
>
>
> Business Case:
>
> As a system administrator I want to verify the integrity of my kernels
> so that I can prevent malicious kernels from being executed.
>
> Use Case:
>
> Signed POWER kernels will be validated by OPAL as OpenPOWER systems
> boot when keys are properly installed and the system is booted in
> secure mode.
>
>
> Test Case:
>
> Sign and install a POWER kernel on an OpenPOWER machine with a
> firmware level that supports secure boot. Install a PK, distro KEK
> certificat, and distro DB certificate. Boot the system and verify
> that it will boot the kernel. Negative tests: Separately remove the
> signature, install an usigned kernel, and modify the kernel image and
> test that the kernel will not boot.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/launchpad/+bug/1696154/+subscriptions
>