------- Comment From naynj...@ibm.com 2020-04-02 21:53 EDT-------

The kernel seems to be having the secure boot functions after enabling those CONFIGs. Now, I was trying to boot to this kernel when secure boot is enabled.

I have taken the key from here - ppa.launchpad.net/sforshee/lp1866909/ubuntu/dists/focal/main/signed/linux-ppc64el/current/signed.tar.gz

I have taken opal.x509 in the control directory as the key.

The secure boot is enabled "os-secure-enforcing" and .platform has loaded the key.

# cd /proc/device-tree/ibm,secureboot/
# ls
compatible        ibm,cvc                  phandle
hw-key-hash       name                     secure-enabled
hw-key-hash-size  os-secureboot-enforcing  trusted-enabled

# keyctl show %keyring:.platform
Keyring
 337432176 ---lswrv      0     0  keyring: .platform
 471022331 ---lswrv      0     0   \_ asymmetric: DB: e6b84e62dbbd988abbfda008355aa6a08001c58c

However, it seems the verification is failing as shown below:

# kexec -s /var/petitboot/mnt/dev/sdb6/boot/vmlinux-5.4.0-21-generic
file_load failed: Permission denied

I have two questions:
* I hope the key is right.
* I hope the signature is not stored as detached file because that is how I saw it in - ppa.launchpad.net/sforshee/lp1866909/ubuntu/dists/focal/main/signed/linux-ppc64el/current/signed.tar.gz.

Please confirm.

I will continue to look at it more.

--
https://bugs.launchpad.net/bugs/1866909

Title:
  Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot

Status in The Ubuntu-power-systems project:
  Incomplete
Status in linux package in Ubuntu:
  Incomplete

Bug description:
  == Comment: #0 - George C. Wilson <gcwil...@us.ibm.com> - 2020-02-25 18:40:44 ==

  - sysfs enablement: TBD
  - ima: arch specific policy support 6191706246de
  - platform keyring changes for powerpc: TBD
  - Appended signatures support for IMA appraisal 39b07096364a42c516415d5f841069e885234e61
  - integrity: Define a trusted platform keyring: 9dc92c45177a
  - ima: Support platform keyring for kernel appraisal: d7cecb676dd3
  - TPM 2.0 Multibank extend support: c1f92b4b04ad
  - TPM 2.0 Eventlog support: 4d23cc323cdb
  - ima: carry the measurement list across kexec: d68a6fe9fccf
  - kexec_file_load system call support: 500c7ab1a9db
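
Added example (not part of the original bug comment, nor Ubuntu or kernel code): a Python check for whether a kernel image carries an appended signature rather than relying on a detached one, which is what the second question in the comment turns on. It assumes the Linux module-signature trailer layout (marker string preceded by a 12-byte signature-info structure) used by the appended-signature support; it inspects structure only and does not verify the signature against the .platform keyring. The helper names and the sample image are constructed for illustration.

```python
import struct
import sys

# Trailer layout assumed from the Linux module-signature format:
#   [image][PKCS#7 signature][struct module_signature][marker]
MARKER = b"~Module signature appended~\n"
# algo, hash, id_type, signer_len, key_id_len, 3 pad bytes, big-endian sig_len
SIG_INFO = struct.Struct(">BBBBB3xI")
PKEY_ID_PKCS7 = 2


def inspect_appended_sig(image: bytes) -> dict:
    """Report whether `image` ends in a well-formed appended signature."""
    if not image.endswith(MARKER):
        return {"signed": False,
                "reason": "marker not found (unsigned or detached signature)"}
    rest = image[:-len(MARKER)]
    if len(rest) < SIG_INFO.size:
        return {"signed": False, "reason": "truncated signature info"}
    algo, hash_id, id_type, signer_len, key_id_len, sig_len = \
        SIG_INFO.unpack(rest[-SIG_INFO.size:])
    rest = rest[:-SIG_INFO.size]
    if id_type != PKEY_ID_PKCS7:
        return {"signed": False, "reason": f"id_type {id_type} is not PKCS#7"}
    if algo or hash_id or signer_len or key_id_len:
        return {"signed": False, "reason": "non-zero legacy fields in signature info"}
    if sig_len == 0 or sig_len > len(rest):
        return {"signed": False, "reason": f"sig_len {sig_len} does not fit in file"}
    sig = rest[-sig_len:]
    return {
        "signed": True,
        "sig_len": sig_len,
        "payload_len": len(rest) - sig_len,      # bytes the signature covers
        "looks_like_der": sig[:1] == b"\x30",    # PKCS#7 is a DER SEQUENCE
    }


def make_sample(payload: bytes, sig: bytes) -> bytes:
    """Build a constructed (not real) image with an appended-signature trailer."""
    info = SIG_INFO.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(sig))
    return payload + sig + info + MARKER


if __name__ == "__main__":
    if len(sys.argv) > 1:                        # path to a vmlinux to inspect
        with open(sys.argv[1], "rb") as f:
            print(inspect_appended_sig(f.read()))
    else:                                        # constructed sample data
        print(inspect_appended_sig(make_sample(b"\x7fELF" + bytes(60),
                                               b"\x30\x82" + bytes(30))))
```

A result of `signed: False` with the "marker not found" reason on the installed vmlinux means the image itself carries no appended signature.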