February 1, 2023
Ubuntu 2022v1 secure boot key rotation and friends
This is the story of the currently progressing changes to secure boot on Ubuntu and the history of how we got to where we are.
taking a step back: how does secure boot on Ubuntu work? Booting on Ubuntu involves three components after the firmware:
shim grub linux Each of these is a PE binary signed with a key. The shim is signed by Microsoft’s 3rd party key and embeds a self-signed Canonical CA certificate, and optionally a vendor dbx (a list of revoked certificates or binaries).
...
Read more 》