UEFI shim verification against microsoft-uefica-public.pem fails with 20131003 saucy images
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sbsigntool (Ubuntu) |
Fix Released
|
Medium
|
Steve Langasek | ||
Precise |
Fix Released
|
Medium
|
Mathieu Trudel-Lapierre | ||
Quantal |
Won't Fix
|
Undecided
|
Unassigned | ||
Raring |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
[Impact]
Validating signature using sbsigntool for EFI binaries on Precise.
[Test case]
1) pull-lp-source shim-signed
2) sbverify --cert MicCorUEFCA2011
[Regression potential]
This is dependent on the date of the system being correct -- wrong date may cause an unexpected success or failure of the test case.
---
UEFI shim verification fails (PKCS7 verification failed) with the images of 20131003 against the microsoft-
http://
The following is the failure results (http://
DEBUG: Using iso at: /tmp/utah-
INFO: Preparing image: /tmp/utah-
INFO: /tmp/utah-
INFO: Getting image type of /tmp/utah-
DEBUG: bsdtar list command: bsdtar -t -f /tmp/utah-
INFO: Image type is: server
DEBUG: Using normal image
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-
INFO: Arch is: amd64
INFO: Series is saucy
DEBUG: Standard name for this iso is: saucy-server-
DEBUG: Generating verification certificates
DEBUG: Extracting UEFI boot and kernel images
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-
DEBUG: Verifying UEFI shim
ERROR: test_efi_
ERROR: Traceback (most recent call last):
File "/usr/lib/
testMethod()
File "/usr/share/
self.
File "/usr/lib/
assertion_
File "/usr/lib/
raise self.failureExc
AssertionError: 'PKCS7 verification failed\nSignature verification failed\n' != 'Signature verification OK\n'
Related branches
affects: | linux-signed (Ubuntu) → shim-signed (Ubuntu) |
summary: |
UEFI shim verification against microsoft-uefica-public.pem fails with - 20131003 images + 20131003 saucy images |
Changed in sbsigntool (Ubuntu Precise): | |
status: | New → Triaged |
Changed in sbsigntool (Ubuntu Quantal): | |
status: | New → Triaged |
Changed in sbsigntool (Ubuntu Raring): | |
status: | New → Triaged |
Changed in sbsigntool (Ubuntu Precise): | |
assignee: | nobody → Dmitrijs Ledkovs (xnox) |
Changed in sbsigntool (Ubuntu Quantal): | |
assignee: | nobody → Dmitrijs Ledkovs (xnox) |
Changed in sbsigntool (Ubuntu Raring): | |
assignee: | nobody → Dmitrijs Ledkovs (xnox) |
Changed in sbsigntool (Ubuntu Precise): | |
status: | Triaged → Won't Fix |
Changed in sbsigntool (Ubuntu Quantal): | |
status: | Triaged → Won't Fix |
Changed in sbsigntool (Ubuntu Precise): | |
assignee: | Dimitri John Ledkov (xnox) → nobody |
Changed in sbsigntool (Ubuntu Quantal): | |
assignee: | Dimitri John Ledkov (xnox) → nobody |
Changed in sbsigntool (Ubuntu Raring): | |
assignee: | Dimitri John Ledkov (xnox) → nobody |
status: | Triaged → Won't Fix |
description: | updated |
tags: |
added: verification-done removed: verification-needed |
Raring & 12.04.2 images are also affected, haven't checked quantal but I presume it's affected as well.