Ubuntu
linux-kvm package

  1. Impish (21.10)
  2. Bug #1942319
  3. Activity log

Activity log for bug #1942319

Date Who What changed Old value New value Message
2021-09-01 10:27:51 Dimitri John Ledkov bug added bug
2021-10-05 10:43:25 Dimitri John Ledkov description When booting with UEFI, mokvar table and %:.platform keyring must be available [Impact] * When booting with UEFI, mokvar table and %:.platform keyring must be available. These are required for builtin revocation certificates to be present, shim builtin certificates to be present and thus support to signed & verified kexec present. It also allows revocation of signed lrm and livepatch drivers which are trusted by this kernel. * The kvm annotations are very minimal, v3 format, and the parent kernel's annotations are not enforced. [Test Plan] * Check that /sys/firmware/efi/mok-variables/ is available * Check that %:.blacklist keyring is populated $ sudo keyctl list %:.blacklist * Check that %:.platform keyring is populated $ sudo keyctl list %:.platform [Where problems could occur] * Given how small the kvm config is, it is not clear if all of lockdown features are correctly enabled. Specifically measuring and appraising things with integrity framework. It is possible further config changes will be required to make kvm flavour as hardened as generic one. [Other Info] * This issue was discovered whilst working on https://bugs.launchpad.net/bugs/1928679 and https://bugs.launchpad.net/bugs/1932029
2021-10-14 15:16:55 Kleber Sacilotto de Souza nominated for series Ubuntu Impish
2021-10-14 15:16:55 Kleber Sacilotto de Souza bug task added linux-kvm (Ubuntu Impish)
2021-10-14 15:28:50 Kleber Sacilotto de Souza linux-kvm (Ubuntu Impish): status New Fix Committed
2021-10-27 11:36:53 Ubuntu Kernel Bot tags verification-needed-impish
2021-11-03 12:24:41 Dimitri John Ledkov tags verification-needed-impish verification-done-impish
2021-11-08 14:31:21 Launchpad Janitor linux-kvm (Ubuntu Impish): status Fix Committed Fix Released
2021-11-08 14:31:21 Launchpad Janitor cve linked 2021-3759
2021-11-23 16:06:07 Launchpad Janitor linux-kvm (Ubuntu): status Fix Committed Fix Released
2021-11-23 16:06:07 Launchpad Janitor cve linked 2021-3744
2021-11-23 16:06:07 Launchpad Janitor cve linked 2021-3764