** Changed in: linux-oem-5.17 (Ubuntu Jammy)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.17 in Ubuntu.
https://bugs.launchpad.net/bugs/1972802
Title:
enable config for fixing 5.17 kernel won't load mok
Status in OEM Priority Project:
Triaged
Status in linux package in Ubuntu:
In Progress
Status in linux-oem-5.17 package in Ubuntu:
Invalid
Status in linux source package in Jammy:
Invalid
Status in linux-oem-5.17 source package in Jammy:
Fix Committed
Status in linux source package in Kinetic:
In Progress
Status in linux-oem-5.17 source package in Kinetic:
Invalid
Bug description:
[Impact]
Mok keys is not trusted after kernel 5.17
[Fix]
Enable the CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT and CONFIG_IMA_ARCH_POLICY
for fixing the patch
"[patch] integrity: Do not load MOK and MOKx when secure boot be disabled"
was added to check if secureboot enabled for trusting the MOK key
[Test]
Enroll Mok key and use it to sign kernel modules, make sure secure boot is on
and load the kernel module by either modprobe or insmod.
[Where problems could occur]
Low. only affect the checking secureboot enable function.
To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1972802/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
