To double check that signature is present on /boot/vmlinuz you can use the extract-module-sig.pl from the linux source tree scripts directly and then run something like this:
$ sudo perl linux/scripts/extract-module-sig.pl -d /boot/vmlinuz
Read 8163896 bytes from module file
Found magic number at 8163896
Found PKCS#7/CMS encapsulation
Found 528 bytes of signature [3082020c06092a864886f70d010702a0]
0 0 2 0 0 528
In above logs zipl.conf is shown to be like this:
root@t35lp36:~# cat /etc/zipl.conf
[defaultboot]
defaultmenu = menu
secure=1
:menu
target = /boot
1 = ubuntu
2 = old
default = 1
prompt = 1
timeout = 10
However, for me, setting secure like that has never worked.
Instead i had to set secure=1 on the ':menu' portion of the zipl.conf file, i.e.
root@t35lp36:~# cat /etc/zipl.conf
[defaultboot]
defaultmenu = menu
:menu
target = /boot
1 = ubuntu
2 = old
default = 1
prompt = 1
timeout = 10
secure=1
Can it be that this is leading to incorrect testing?
Also I wanted to make sure you have the right kernel installed.
Can you please doublecheck output for all of the below commands is the same for you?
$ dpkg-query -W linux-image- 5.4.0-12- generic 5.4.0-12- generic 5.4.0-12.15
linux-image-
$ sudo md5sum /boot/vmlinuz /boot/vmlinuz- 5.4.0-12- generic 0bd3b30f1208555 4b /boot/vmlinuz 0bd3b30f1208555 4b /boot/vmlinuz- 5.4.0-12- generic
6e2c2d81d3fa1d5
6e2c2d81d3fa1d5
$ grep vmlinuz /var/lib/ dpkg/info/ linux-image- 5.4.0-12- generic. md5sums 0bd3b30f1208555 4b boot/vmlinuz- 5.4.0-12- generic
6e2c2d81d3fa1d5
To double check that signature is present on /boot/vmlinuz you can use the extract- module- sig.pl from the linux source tree scripts directly and then run something like this:
$ sudo perl linux/scripts/ extract- module- sig.pl -d /boot/vmlinuz 864886f70d01070 2a0]
Read 8163896 bytes from module file
Found magic number at 8163896
Found PKCS#7/CMS encapsulation
Found 528 bytes of signature [3082020c06092a
0 0 2 0 0 528