kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #08385
[Bug 1201444] Re: linux and linux-signed may becomes skewed due to loose dependancy (was Secure boot signature verification of linux kernel is failing with today's images)
This bug was fixed in the package linux-signed - 3.8.0-29.42
---------------
linux-signed (3.8.0-29.42) raring; urgency=low
* Version 3.8.0-29.42
linux-signed (3.8.0-28.41) raring; urgency=low
* Version 3.8.0-28.41
[ Andy Whitcroft ]
* Fix the version number constraint between linux and linux-signed to be
'=' to ensure we cannot migrate linux without linux-signed being in
lock step. (LP: #1201444)
-- Brad Figg <brad.figg@xxxxxxxxxxxxx> Tue, 13 Aug 2013 12:33:59 -0700
** Changed in: linux-signed (Ubuntu Raring)
Status: Fix Committed => Fix Released
** Changed in: linux-signed-lts-raring (Ubuntu Precise)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1201444
Title:
linux and linux-signed may becomes skewed due to loose dependancy (was
Secure boot signature verification of linux kernel is failing with
today's images)
Status in “linux-signed” package in Ubuntu:
Fix Released
Status in “linux-signed-lts-raring” package in Ubuntu:
Invalid
Status in “linux-signed” source package in Precise:
Invalid
Status in “linux-signed-lts-raring” source package in Precise:
Fix Released
Status in “linux-signed” source package in Raring:
Fix Released
Status in “linux-signed-lts-raring” source package in Raring:
Invalid
Status in “linux-signed” source package in Saucy:
Fix Released
Status in “linux-signed-lts-raring” source package in Saucy:
Invalid
Bug description:
Secure boot signature verification of linux kernel (3.10.0-2-generic
#11) is failing with today's images (20130715) against the keys
present in http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-
regression-testing/master/files/head:/notes_testing/secure-boot/keys/
The test_efi_secure_boot_signatures test in static validation test, present in http://bazaar.launchpad.net/~utah/utah/dev/view/head:/utah/isotest/iso_static_validation.py accounts for this test and the failure is as follows,
--------------------------------------------------------------------------------
__main__.TestValidateISO.test_efi_secure_boot_signatures
--------------------------------------------------------------------------------
DEBUG: Using iso at: /tmp/utah-saucy-desktop-amd64.iso
INFO: Preparing image: /tmp/utah-saucy-desktop-amd64.iso
INFO: /tmp/utah-saucy-desktop-amd64.iso is locally available as /tmp/utah-saucy-desktop-amd64.iso
INFO: Getting image type of /tmp/utah-saucy-desktop-amd64.iso
DEBUG: bsdtar list command: bsdtar -t -f /tmp/utah-saucy-desktop-amd64.iso
INFO: Image type is: desktop
DEBUG: Using normal image
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-desktop-amd64.iso ./.disk/info
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-desktop-amd64.iso -O .disk/info
INFO: Arch is: amd64
INFO: Series is saucy
DEBUG: Standard name for this iso is: saucy-desktop-amd64.iso
DEBUG: Generating verification certificates
DEBUG: Extracting UEFI boot and kernel images
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-desktop-amd64.iso ./EFI/BOOT/BOOTx64.EFI
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-desktop-amd64.iso -O EFI/BOOT/BOOTx64.EFI
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-desktop-amd64.iso ./EFI/BOOT/grubx64.efi
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-desktop-amd64.iso -O EFI/BOOT/grubx64.efi
DEBUG: bsdtar list command: bsdtar -t -v -f /tmp/utah-saucy-desktop-amd64.iso casper/vmlinuz.efi
DEBUG: bsdtar extract command: bsdtar -x -f /tmp/utah-saucy-desktop-amd64.iso -O casper/vmlinuz.efi
DEBUG: Verifying UEFI shim
DEBUG: Verifying UEFI grub
DEBUG: Detaching kernel signature
DEBUG: Verifying kernel signature
ERROR: test_efi_secure_boot_signatures (__main__.TestValidateISO)
ERROR: Traceback (most recent call last):
File "/usr/lib/python2.7/unittest/case.py", line 327, in run
testMethod()
File "/usr/share/utah/isotest/iso_static_validation.py", line 505, in test_efi_secure_boot_signatures
self.assertEqual(stdout, 'Signature verification OK\n')
File "/usr/lib/python2.7/unittest/case.py", line 511, in assertEqual
assertion_func(first, second, msg=msg)
File "/usr/lib/python2.7/unittest/case.py", line 504, in _baseAssertEqual
raise self.failureException(msg)
AssertionError: 'Signature verification failed\n' != 'Signature verification OK\n'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1201444/+subscriptions