Bugzilla – Full Text Bug Listing
| Summary: | trusted boot option refers to trustedgrub2 | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Ludwig Nussel <lnussel> |
| Component: | YaST2 | Assignee: | YaST Team <yast-internal> |
| Status: | RESOLVED FIXED | QA Contact: | Jiri Srain <jsrain> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | fkrueger, jreidinger, mchang, snwint |
| Version: | Current | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://trello.com/c/W6CKhmvf | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | y2logs | ||
trustedgrub2 only contains docu, not sure what this option in yast is meant to do in the first place :/

ok, it sets TRUSTED_BOOT in sysconfig for perl-Bootloader. That works. So references to trustedgrub2 are outdated.

trustedgrub2(-i386-pc) was some ancient non-UEFI variant, AFAIK. Michael, can we safely forget about this?

(In reply to Steffen Winterfeldt from comment #3)
> trustedgrub2(-i386-pc) was some ancient non-UEFI variant, AFAIK.
Yes.
> Michael, can we safely forget about this?
If it mentions trustedgrub2 in UEFI install then it is wrong as that is for i386-pc only. For UEFI, signed /usr/share/grub2/x86_64-efi/grub-tpm.efi will be installed to enable measured boot according to https://www.gnu.org/software/grub/manual/grub/grub.html#Measured-Boot ...

Added to YaST Kanban board.

(In reply to Steffen Winterfeldt from comment #5)
> Added to YaST Kanban board.
Any news or solution?

Not yet, but it's in our current sprint.

After playing a bit with tpm2 (in qemu), it seems the only apparent thing to improve is the help text: https://github.com/yast/yast-bootloader/pull/670

Apart from that, on non-efi x86_64 the system startup always runs into "TrustedeGRUB2 TPM Error" while an efi system boots fine and I see grub measuring things with

tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements

but otoh grub seems not to try to block the boot process in any way. So the usefulness of the status quo is not apparent to me but likely I'm just missing something in handling tpm.

BTW, it might be a good idea to auto-select the tpm2.0-tools package.

fix submitted
Created attachment 857442 [details] y2logs

During installation of TW 20220324 I enabled the option for trusted boot. According to the help screen it's supposed to install trustedgrub2 etc. but that was not the case after all.