Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot
Bug #1866909 reported by bugproxy
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
The Ubuntu-power-systems project | Fix Released | Undecided | Ubuntu on IBM Power Systems Bug Triage |
linux (Ubuntu) | Fix Released | Undecided | Canonical Kernel Team |
Bug Description
== Comment: #0 - George C. Wilson <email address hidden> - 2020-02-25 18:40:44 ==
- sysfs enablement: TBD
- ima: arch specific policy support 6191706246de
- platform keyring changes for powerpc: TBD
- Appended signatures support for IMA appraisal 39b07096364a42c
- integrity: Define a trusted platform keyring: 9dc92c45177a
- ima: Support platform keyring for kernel appraisal: d7cecb676dd3
- TPM 2.0 Multibank extend support: c1f92b4b04ad
- TPM 2.0 Eventlog support: 4d23cc323cdb
- ima: carry the measurement list across kexec: d68a6fe9fccf
- kexec_file_load system call support: 500c7ab1a9db
tags: added: architecture-ppc64le bugnameltc-184073 severity-high targetmilestone-inin2004
Changed in ubuntu:
assignee: nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
affects: ubuntu → kernel-package (Ubuntu)
affects: kernel-package (Ubuntu) → linux (Ubuntu)
Changed in ubuntu-power-systems:
assignee: nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
Changed in linux (Ubuntu):
assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Changed in ubuntu-power-systems:
status: Incomplete → Confirmed
Changed in ubuntu-power-systems:
status: Confirmed → Fix Committed
Changed in ubuntu-power-systems:
status: Fix Committed → Fix Released
I had a first glimpse at the patches/commits, and found out that:
The following commits are already in 'focal' aka 20.04 (even in master, hence they are in the current focal kernel):
8c655784e2cf "integrity: Define a trusted platform keyring"
f218a29c25ad "ima: Support platform keyring for kernel appraisal"
467d27824920 "ima: carry the measurement list across kexec"
So these can be considered as done.
The following commits are not yet in either the linux tree or linux-next:
"ima: arch specific policy support"
"Appended signatures support for IMA appraisal"
"TPM 2.0 Multibank extend support"
"TPM 2.0 Eventlog support"
"kexec_file_load system call support"
I assume they are currently on a staging tree?!
And the two TBDs are not ready yet, but probably in the works.
Please note that the patches need to be upstream (accepted) for Canonical to be able to pick them up.
And they need to apply cleanly on top of the target kernel's master-next tree (in this case 'focal' master-next):
git clone https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal --branch master-next --single-branch focal-master-next
Due to the fact that there seems to be still some work needed,
and because the patches look pretty significant and touch common-code
and that we are already quite late in the 'focal' development cycle,
I'm not sure if it will be possible to get them into the initial release version of 20.04.
But in the end it depends on the (upstream) availability and the Canonical kernel team.
As soon as all commits/patches are available and apply cleanly,
I'll submit a request to the Canonical kernel team's mailing list and a decision will finally be made by the kernel team.
For now I'm setting the status to Incomplete.