/srv/irclogs.ubuntu.com/2018/05/04/#ubuntu-kernel.txt

=== himcesjf_ is now known as him-cesjf
leitao	cascardo,	17:16
leitao	On ppc64el kernel, we are seeing "PKCS#7 signature not signed with a trusted key". Do you know if something changed?	17:17
leitao	mainly because now I see the unsigned kernels.	17:18
cascardo	leitao: hum, don't really know much about it	18:43
cascardo	apw: ^	18:43
apw	leitao, this would be because the primary binaries are now signed, they should be signed with the official key	20:41
leitao	apw, that is why we have the signed and unsiged kernels?	20:42
apw	leitao, we have unsigned packages because otherwise there is no delivery mechanism for test kernels (which are not signed)	20:43
leitao	apw, let me ask a more silly question. What is the difference between signed and unsigned kernels? If I plan to use dkms, should I move to unsigned?	20:44
apw	leitao, for ppc64el it all depends how enforced things are; in an efi world we would either load a personal key, or disable signature enforcement	20:45
leitao	apw, how do I disable enforcement?	20:46
apw	leitao, i am not sure i know the answer to that	20:47
leitao	we rebuilt a custom kernel and now we see a lot of "PKCS#7 signature not signed with a trusted key". If I disable enforcement, will it not happen?	20:47
apw	is that built in a PPA ?	20:48
apw	as those would be signed by the per PPA key	20:48
apw	i am slightly confused, i assume there is something more amiss when the signature is present over when the image unsigned	20:52
leitao	apw, no, we did a in-house custom built	20:52
leitao	apw, I am wondering if we missed some step as adding our key somewhere.	20:53
apw	previous images would have been completely unsigned, how is it behaving different ?	20:53
apw	perhaps you could enumerate that for me in a bug so we can better understand	20:54
=== himcesjf_ is now known as him-cesjf

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!