← Back to team overview

kernel-packages team mailing list archive

[Bug 1201444] Re: linux and linux-signed may becomes skewed due to loose dependancy (was Secure boot signature verification of linux kernel is failing with today's images)

 

This bug was fixed in the package linux-signed - 3.8.0-29.42

---------------
linux-signed (3.8.0-29.42) raring; urgency=low

  * Version 3.8.0-29.42

linux-signed (3.8.0-28.41) raring; urgency=low

  * Version 3.8.0-28.41

  [ Andy Whitcroft ]

  * Fix the version number constraint between linux and linux-signed to be
    '=' to ensure we cannot migrate linux without linux-signed being in
    lock step.  (LP: #1201444)
 -- Brad Figg <brad.figg@xxxxxxxxxxxxx>   Tue, 13 Aug 2013 12:33:59 -0700

** Changed in: linux-signed (Ubuntu Raring)
       Status: Fix Committed => Fix Released

** Changed in: linux-signed-lts-raring (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1201444

Title:
  linux and linux-signed may becomes skewed due to loose dependancy (was
  Secure boot signature  verification of linux kernel is failing with
  today's images)

Status in “linux-signed” package in Ubuntu:
  Fix Released
Status in “linux-signed-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-signed” source package in Precise:
  Invalid
Status in “linux-signed-lts-raring” source package in Precise:
  Fix Released
Status in “linux-signed” source package in Raring:
  Fix Released
Status in “linux-signed-lts-raring” source package in Raring:
  Invalid
Status in “linux-signed” source package in Saucy:
  Fix Released
Status in “linux-signed-lts-raring” source package in Saucy:
  Invalid

Bug description:
  Secure boot signature  verification of linux kernel (3.10.0-2-generic
  #11) is failing with today's images (20130715)  against the keys
  present in http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-
  regression-testing/master/files/head:/notes_testing/secure-boot/keys/

  The test_efi_secure_boot_signatures test in static validation test, present in http://bazaar.launchpad.net/~utah/utah/dev/view/head:/utah/isotest/iso_static_validation.py accounts for this test and the failure is as follows,
  --------------------------------------------------------------------------------
  __main__.TestValidateISO.test_efi_secure_boot_signatures

  --------------------------------------------------------------------------------
  DEBUG: Using iso at: /tmp/utah-saucy-desktop-amd64.iso
  INFO: Preparing image: /tmp/utah-saucy-desktop-amd64.iso
  INFO: /tmp/utah-saucy-desktop-amd64.iso is locally available as /tmp/utah-saucy-desktop-amd64.iso
  INFO: Getting image type of /tmp/utah-saucy-desktop-amd64.iso
  DEBUG: bsdtar list command: bsdtar -t -f /tmp/utah-saucy-desktop-amd64.iso
  INFO: Image type is: desktop
  DEBUG: Using normal image
  DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-desktop-amd64.iso ./.disk/info
  DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-desktop-amd64.iso -O .disk/info
  INFO: Arch is: amd64
  INFO: Series is saucy
  DEBUG: Standard name for this iso is: saucy-desktop-amd64.iso
  DEBUG: Generating verification certificates
  DEBUG: Extracting UEFI boot and kernel images
  DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-desktop-amd64.iso ./EFI/BOOT/BOOTx64.EFI
  DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-desktop-amd64.iso -O EFI/BOOT/BOOTx64.EFI
  DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-desktop-amd64.iso ./EFI/BOOT/grubx64.efi
  DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-desktop-amd64.iso -O EFI/BOOT/grubx64.efi
  DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-desktop-amd64.iso casper/vmlinuz.efi
  DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-desktop-amd64.iso -O casper/vmlinuz.efi
  DEBUG: Verifying UEFI shim
  DEBUG: Verifying UEFI grub
  DEBUG: Detaching kernel signature
  DEBUG: Verifying kernel signature
  ERROR: test_efi_secure_boot_signatures (__main__.TestValidateISO)
  ERROR: Traceback (most recent call last):
    File "/usr/lib/python2.7/unittest/case.py", line 327, in run
      testMethod()
    File "/usr/share/utah/isotest/iso_static_validation.py", line 505, in test_efi_secure_boot_signatures
      self.assertEqual(stdout, 'Signature verification OK\n')
    File "/usr/lib/python2.7/unittest/case.py", line 511, in assertEqual
      assertion_func(first, second, msg=msg)
    File "/usr/lib/python2.7/unittest/case.py", line 504, in _baseAssertEqual
      raise self.failureException(msg)
  AssertionError: 'Signature verification failed\n' != 'Signature verification OK\n'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1201444/+subscriptions