Comment 21 for bug 1904906
Revision history for this message
| bugproxy (bugproxy) wrote Comment bridged from LTC Bugzilla | #21 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
------- Comment From <email address hidden> 2020-12-17 23:45 EDT-------
Squeezing in right before the end of the year! I tested this with my pseries secure boot setup. I built the key from the PPA into grub and signed grub with the testing key which I built into SLOF.
I was then able to boot 5.10.0-9-generic in secure boot mode under P8 KVM.
The kernel correctly detected secure boot mode and entered lockdown:
[ 0.000000] Secure boot mode enabled
[ 0.000000] Kernel is locked down from PowerNV Secure Boot mode; see man kernel_lockdown.7
(The text is a bit of a misnomer, but that's of no consequence.)
Lockdown appears to work as expected, I can't open /dev/mem for example.
Given LP: #1903288 / BZ 189099, I didn't test kexec.
In summary, I don't see anything from booting with secure boot on or off that would prevent you promoting 5.10 for hirsute.
Enjoy your end of year break!
Kind regards,
Daniel