kernel-packages team mailing list archive

[Ubfan <1170150@xxxxxxxxxxxxxxxxxx>]

Downloaded the Sept 20 desktop 64 bit ISO, and on a Secure Boot UEFI
laptop running 13.04, created USB install media, and installed to
another USB set up with gpt and an EFI partition.  Booting the target
USB worked in secure mode, with the signed kernel being used, but the
symlink for the kernel is still to the unsigned kernel.    As an aside
here, to be entered into another bug, note that the above
straightforward procedure left the laptop unbootable, with the grub.cfg
file on the hard disk's EFI reset to the uuid of the USB stick, (and an
additional unnecessary NVRAM boot entry added).

** Changed in: linux (Ubuntu Saucy)
       Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1170150

Title:
  vmlinuz/initrd.img symlinks do not point to signed versions on kernel
  updates of secure boot UEFI machines

Status in “linux” package in Ubuntu:
  Confirmed
Status in “linux” source package in Raring:
  Won't Fix
Status in “linux” source package in Saucy:
  Confirmed

Bug description:
  Kernel updates on a UEFI pc with secure boot enabled have the vmlinuz
  and initrd.img symlinks updated, but they point to the unsigned
  versions of the kernel instead of the signed ones.  The pc was set up
  with secure boot on, has never been booted with secure boot off, and
  no runtime problems have been noted from the wrong symlinks.  Having
  the links to the signed versions is highly desirable, in order to set
  up a USB stick with its own EFI directory to boot Ubuntu, and not have
  to worry about changing the USB stick's grub.cfg files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1170150/+subscriptions