| 2022-05-10 08:25:30 |
Ivan Hu |
bug |
|
|
added bug |
| 2022-05-10 08:25:31 |
Yuan-Chen Cheng |
tags |
|
oem-priority |
|
| 2022-05-10 08:27:09 |
Ivan Hu |
information type |
Proprietary |
Public |
|
| 2022-05-10 08:30:28 |
AceLan Kao |
bug task added |
|
linux-oem-5.17 (Ubuntu) |
|
| 2022-05-10 08:30:43 |
AceLan Kao |
nominated for series |
|
Ubuntu Jammy |
|
| 2022-05-10 08:30:43 |
AceLan Kao |
bug task added |
|
linux-oem-5.17 (Ubuntu Jammy) |
|
| 2022-05-10 08:30:43 |
AceLan Kao |
nominated for series |
|
Ubuntu Kinetic |
|
| 2022-05-10 08:30:43 |
AceLan Kao |
bug task added |
|
linux-oem-5.17 (Ubuntu Kinetic) |
|
| 2022-05-10 08:30:54 |
AceLan Kao |
bug task added |
|
linux (Ubuntu) |
|
| 2022-05-10 08:31:04 |
AceLan Kao |
linux (Ubuntu Jammy): status |
New |
Invalid |
|
| 2022-05-10 08:31:07 |
AceLan Kao |
linux-oem-5.17 (Ubuntu Kinetic): status |
New |
Invalid |
|
| 2022-05-10 08:31:11 |
AceLan Kao |
linux (Ubuntu Kinetic): status |
New |
In Progress |
|
| 2022-05-10 08:31:14 |
AceLan Kao |
linux-oem-5.17 (Ubuntu Jammy): status |
New |
In Progress |
|
| 2022-05-10 08:31:27 |
AceLan Kao |
linux (Ubuntu Kinetic): assignee |
|
Ivan Hu (ivan.hu) |
|
| 2022-05-10 08:31:34 |
AceLan Kao |
linux-oem-5.17 (Ubuntu Jammy): assignee |
|
Ivan Hu (ivan.hu) |
|
| 2022-05-10 09:16:40 |
Ivan Hu |
description |
[Impact]
Mok keys is not trusted after kernel 5.17
[Fix]
Enable the CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT and CONFIG_IMA_ARCH_POLICY for fixing the patch
"[patch] integrity: Do not load MOK and MOKx when secure boot be disabled" was added to check if secureboot enabled for trusting the MOK key
[Test]
Enroll Mok key and use it to sign kernel modules, make sure secure boot is on and load the kernel module by either modprobe or insmod.
[Regression Risk]
Low. only affect the checking secureboot enable function. |
[Impact]
Mok keys is not trusted after kernel 5.17
[Fix]
Enable the CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT and CONFIG_IMA_ARCH_POLICY for fixing the patch
"[patch] integrity: Do not load MOK and MOKx when secure boot be disabled" was added to check if secureboot enabled for trusting the MOK key
[Test]
Enroll Mok key and use it to sign kernel modules, make sure secure boot is on and load the kernel module by either modprobe or insmod.
[Where problems could occur]
Low. only affect the checking secureboot enable function. |
|
| 2022-05-13 03:12:42 |
Yuan-Chen Cheng |
tags |
oem-priority |
oem-priority originate-from-1969557 somerville |
|
| 2022-05-13 03:12:47 |
Yuan-Chen Cheng |
oem-priority: importance |
Undecided |
Critical |
|
| 2022-05-13 03:12:50 |
Yuan-Chen Cheng |
oem-priority: status |
New |
Triaged |
|
| 2022-05-13 18:05:51 |
Timo Aaltonen |
linux-oem-5.17 (Ubuntu Jammy): status |
In Progress |
Fix Committed |
|
| 2022-06-02 08:17:38 |
Yuan-Chen Cheng |
oem-priority: status |
Triaged |
Fix Committed |
|
| 2022-06-02 08:17:54 |
Yuan-Chen Cheng |
oem-priority: assignee |
|
Yuan-Chen Cheng (ycheng-twn) |
|
| 2022-06-03 06:24:08 |
Timo Aaltonen |
tags |
oem-priority originate-from-1969557 somerville |
oem-priority originate-from-1969557 somerville verification-done-jammy |
|
| 2022-06-07 19:12:17 |
Launchpad Janitor |
linux-oem-5.17 (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
| 2022-06-07 19:12:17 |
Launchpad Janitor |
cve linked |
|
2022-1966 |
|
| 2022-06-07 19:12:17 |
Launchpad Janitor |
cve linked |
|
2022-1972 |
|
| 2022-06-08 00:13:09 |
Yuan-Chen Cheng |
oem-priority: status |
Fix Committed |
Fix Released |
|
| 2022-09-02 17:48:00 |
Launchpad Janitor |
linux (Ubuntu Kinetic): status |
In Progress |
Fix Released |
|
