Default module signing algo should be accelerated
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[ Impact ]
* Slow secureboot due to unoptimized signature verification algo
[ Test Plan ]
* Check config enforcement:
If CONFIG_
[ Where problems could occur ]
* Very old hardware incapable of a given optimisation will not gain from having optimised algo built-in
[ Other Info ]
* Full details
Default module signing algo should be accelerated
Default crypto signing algorithm for kernel modules, all its accelerated versions, should be built-in. This is to allow secureboot of accelerated machines to boot as quickly as possible when verifying each module signature.
For example:
given CONFIG_
All of
CONFIG_
CONFIG_
CONFIG_
CONFIG_
CONFIG_
CONFIG_
CONFIG_
Should be =y on secureboot platforms.
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 2034061
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.