[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key

Fri, 20 Jan 2023 04:27:14 -0800 

** Also affects: linux (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Kinetic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Kinetic)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Kinetic)
       Status: New => Fix Committed

** Changed in: linux (Ubuntu Jammy)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Jammy)
       Status: New => Fix Committed

** Changed in: linux (Ubuntu Focal)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Focal)
       Status: New => Fix Committed

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Bionic)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2002812

Title:
  Revoke & rotate to new signing key

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed

Bug description:
  [ Impact ]

   * Revoke & rotate to new signing key

   * Update revocations, which match the next Ubuntu shim 15.7
  revocations. Specifically - revoke certs that were previously
  protected with by-hash revocations, revoke lost/unused certificates.

   * Start using advantage2021v1 and ubuntu2022v1 signing keys.

   * This is a routine key rotation.

  [ Test Plan ]

   * Check that old shim/grub boot this kernel
   * Check that the upcomming future shim/grub can boot this kernel
   * Check that these kernels can do signed kexec into itself

  [ Where problems could occur ]

   * Kernels with this patch applied should be signed using ubuntu/4
  pro/3 core/2 signing streams.

  [ Other Info ]
   
   * TPM PCR values and measurements will change when changing the signing key

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to