Oracle Linux. UEFI Secure Boot Signing Key Update Notice

Similar documents
Microsoft Active Directory Plug-in User s Guide Release

Oracle Hospitality OPERA Exchange Interface Cloud Authentication. October 2017

Oracle Cloud E

Microsoft Internet Information Services (IIS) Plug-in User s Guide Release

Oracle Utilities Advanced Spatial and Operational Analytics

Oracle Hospitality Suite8 Export to Outlook User Manual Release 8.9. July 2015

Oracle Communications Configuration Management

Oracle Enterprise Data Quality for Product Data

Oracle Fusion Middleware

Security Guide Release 4.0

Oracle Utilities Work and Asset Management Integration to Primavera P6 Enterprise Project Portfolio Management

Oracle Banking Channels Bank User Base

Oracle Database Appliance Accessibility Guide. Release

Oracle Utilities Customer Care and Billing

Oracle NoSQL Database Integration with SQL Developer. Release 18.1

Microsoft.NET Framework Plug-in User s Guide Release

Oracle Agile Product Lifecycle Management for Process Reporting User Guide Release E

Database Change Reference Release 6.3

Oracle Hospitality MICROS Commerce Platform Release Notes Release Part Number: E December 2015

Oracle Identity Manager Connector Guide for Dropbox. Release

Oracle SQL Developer Web Accessibility Guide. Release 18.1

Oracle Cloud Using Oracle E-Business Suite Adapter Endpoint Configuration Wizard. Release 17.3

Oracle Utilities Opower Custom URL Configuration

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Installing and Updating Local Software Packages 12c Release

Oracle Hospitality Query and Analysis Languages and Translation Configuration Guide. March 2016

Oracle Communications Convergent Charging Controller. Sample Message Flows Reference Guide Release 6.0.1

Oracle Retail MICROS Stores2 Functional Document Sales - Receipt List Screen Release September 2015

Oracle Enterprise Manager

Report Management and Editor!

Oracle Virtual Desktop Client for ipad. Release Notes for Release 1.2

Release for Microsoft Windows

Oracle Hospitality Cruise Shipboard Property Management System Topaz Signature Device Installation Guide Release 8.00 E

Oracle Cloud Getting Started with Oracle WebCenter Portal Cloud Service

Oracle Fusion Middleware Oracle Cloud Adapters Postinstallation Configuration Guide. 12c Release ( )

Copyright 1998, 2009, Oracle and/or its affiliates. All rights reserved.

What s New for Cloud at Customer What's New for the Cloud Services on Oracle Cloud at Customer New Documentation for Oracle Cloud at Customer

Materials Control. Account Classes. Product Version Account Classes. Document Title: Joerg Trommeschlaeger

Oracle Cloud Known Issues for Trial and Paid Subscriptions. Release 18.1

JavaFX. JavaFX System Requirements Release E

PeopleSoft Fluid Required Fields Standards

Recipe Calculation Survey. Materials Control. Copyright by: MICROS-FIDELIO GmbH Europadamm 2-6 D Neuss Date: August 21 st 2007.

Oracle Utilities Customer Care and Billing

Oracle Fusion Middleware Creating Domain Templates Using the Domain Template Builder. 12c ( )

Oracle Fusion Middleware Known Issues in Oracle Stream Analytics

Oracle Payment Interface Installation and Reference Guide Release E April 2018

Oracle Utilities Smart Grid Gateway

Oracle Enterprise Manager Ops Center

Oracle Utilities Work and Asset Management

Oracle Hospitality Suite8 XML Export of Invoice Data for Hungarian Tax Authority Release and Higher E November 2016

Managing Zone Configuration

Oracle mymicros.net, icare, myinventory and mylabor Self Host Release Notes Release v April 2015

Oracle Hospitality BellaVita Hardware Requirements. June 2016

E June Oracle Linux Storage Appliance Deployment and User's Guide

PeopleSoft Fluid Icon Standards

What s New for Oracle Cloud Stack Manager. Topics: July Oracle Cloud. What's New for Oracle Cloud Stack Release

Insbridge Enterprise Rating Portal Configuration Guide

Oracle Simphony Venue Management (SimVen) Installation Guide Release Part Number: E

Defining Constants and Variables for Oracle Java CAPS Environments

Oracle Fusion Middleware

Oracle Agile Product Lifecycle Management for Process

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Hardware and Software Configuration

Oracle Utilities Mobile Workforce Management

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

Oracle Utilities Network Management System Integration to Oracle Utilities Mobile Workforce Management

Oracle Hospitality RES 3700 Server Setup Guide Release 5.5 E May 2016

Taleo Enterprise Deep Linking Configuration Guide Release 17

Oracle Hospitality Simphony Venue Management Release Notes Release 3.9 E March 2017

Oracle Argus Safety. 1 Configuration. 1.1 Configuring a Reporting Destination for the emdr Profile. emdr Best Practices Document Release 8.0.

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Creating vservers 12c Release 1 ( )

Oracle Hospitality Simphony Engagement Cloud Service Release Notes Release 2.0 E January 2016

Oracle Cloud. Using the Google Calendar Adapter Release 16.3 E

Oracle. Field Service Cloud Using the Parts Catalog

OKM Key Management Appliance

Oracle VM. Getting Started Guide for Release 3.2

Oracle Real-Time Scheduler

Oracle Hospitality Cruise Meal Count System Security Guide Release 8.3 E

WebLogic Tuxedo Connector Quick Start Guide for Oracle WebLogic Server 11g Release 1 (10.3.6)

Oracle Banking Enterprise Collections Release Notes Release

Oracle Communications Policy Management Configuring NetBackup for Upgrade Method of Procedure

Oracle Insurance. Implementing a. Release 5.6

Oracle Hospitality e7 Point-of-Sale Release Notes. Release 4.2

1 Understanding the Cross Reference Facility

Oracle Hospitality Cruise Silverwhere Release Notes for GDF Interface and Template Release 8.0. March 2016

Oracle Fusion Middleware

Oracle. Sales Cloud Using Sales for Outlook. Release 13 (update 18A)

Oracle Hospitality Materials Control. Server Sizing Guide

Materials Control Recipe Reduction based on Article Defaults

Oracle Utilities Analytics for Oracle Utilities Extractors and Schema and Oracle Utilities Analytics Dashboards

Oracle Human Capital Management Cloud Using the HCM Mobile Application. Release 13 (update 18C)

Oracle Revenue Management and Billing. Reporting Installation Guide. Version Revision 1.0

Oracle Hospitality BellaVita Adding a New Language Release 2.7. September 2015

Oracle Cloud What's New for Oracle WebCenter Portal Cloud Service

Oracle Cloud Using the Google Calendar Adapter. Release 17.3

Export generates an empty file

Oracle Cloud. Oracle Cloud Adapters Postinstallation Configuration Guide E

IBM WebSphere Portal Reference Guide Release 9.2.x

New Features in Primavera Professional 15.2

Oracle Fusion Middleware

Oracle Cloud Using the Google Calendar Adapter with Oracle Integration

Oracle Retail MICROS Stores2 Functional Document Stores2 for Portugal Disaster Recovery Release

Transcription:

Oracle Linux UEFI Secure Boot Signing Key Update Notice F12070-01 November 2018

Oracle Legal Notices Copyright 2018, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle. Abstract This document contains information about an update to the UEFI Secure Boot signing key used by Oracle to sign kernels and grub packages released by Oracle. This update affects users of both the Unbreakable Enterprise Kernel and Red Hat Compatible Kernel (RHCK) on systems that are configured for UEFI Secure Boot. This document may be updated after it is released. To check for updates to this document, and to view other Oracle documentation, refer to the Documentation section on the Oracle Technology Network (OTN) Web site: https://www.oracle.com/technology/documentation/ This document is intended for users and administrators of Oracle Linux. It describes an update to the UEFI Secure Boot signing key used by Oracle to sign kernels and grub packages released by Oracle. This update affects users of both the Unbreakable Enterprise Kernel and Red Hat Compatible Kernel (RHCK) on systems that are configured for UEFI Secure Boot. It provides instructions on how to update your system if you are using UEFI Secure Boot and how to handle a downgrade in the event that you need to use a kernel signed by an earlier signing key. Oracle recommends that you read this document before upgrading or downgrading your kernel if you use UEFI Secure Boot. Document generated on: 2018-11-14 (revision: 6454)

Table of Contents Preface... v 1 Notice Description... 1 2 Action Items... 3 2.1 Upgrading... 3 2.2 Downgrading... 3 iii

iv

Preface Audience The Oracle Linux UEFI Secure Boot Signing Key Update Notice provides information about an update to The UEFI Secure Boot signing key used by Oracle to sign kernels and related packages that are used for UEFI Secure Boot. This document is written for system administrators who want to use UEFI Secure Boot with Oracle Linux. It is assumed that readers have a general understanding of the Linux operating system. Related Documents Conventions The latest version of this document and other documentation for this product are available at: https://www.oracle.com/technetwork/server-storage/linux/documentation/index.html. The following text conventions are used in this document: Convention boldface italic monospace Meaning Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary. Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values. Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter. v

vi

Chapter 1 Notice Description Oracle has updated the key that it uses to sign kernels and grub instances to avoid key expiry. A system in Secure Boot mode will load only boot loaders and kernels that have been signed by Oracle. Oracle has updated the kernel and grub2 packages to sign them with a valid Extended Validation (EV) certificate. The EV certificate has been compiled into the shim binary and has been signed by Microsoft. This feature is fully supported from Oracle Linux 7 Update 3 onward. Newer kernel versions are signed with the new key and require that other components are updated as an atomic operation if you upgrade the system. The update affects all UEK releases, as well as the RHCK. The following kernel package versions, or higher, are signed with the new key: Red Hat Compatible Kernel (RHCK). v3.10.0-957.0 Oracle Modified Red Hat Compatible Kernel (RHCK). Unbreakable Enterprise Kernel Release 3 (UEK R3). Unbreakable Enterprise Kernel Release 4 (UEK R4). Unbreakable Enterprise Kernel Release 5 (UEK R5). v3.10.0-957.0.0.0.2 v3.8.13-118.27.1 v4.1.12-124.22.1 v4.14.35-1818.4.6 All kernels and affected packages released previously should continue to work at their current version. 1

2

Chapter 2 Action Items Table of Contents 2.1 Upgrading... 3 2.2 Downgrading... 3 If you are using UEFI Secure Boot, you should be aware of the following action items when upgrading or downgrading packages on your system. 2.1 Upgrading If you have previously enabled Secure Boot and you intend to upgrade your kernel, you must ensure that you update shim, grub2 and kernel packages as an atomic operation. If these packages are not all updated, the Secure Boot process may break and must be disabled until a full system upgrade is complete. The fwupdate-efi package is also affected by this update. Although this package is not essential for boot, you may wish to update it to a version that is equal to or higher than the versions listed below if you have it installed. If you upgrade your kernel to a version that is equal to, or higher than, a version signed with the new EV certificate, as described in Chapter 1, Notice Description, make sure the following packages are upgraded to the specified versions or later: grub2. shim. v2.02-0.76.0.3 (required) v15-1.0.3 (required) fwupdate-efi. v12-5.0.3 (optional) The package versions listed above are signed using the same EV certificate as the latest kernel releases. 2.2 Downgrading If you have enabled Secure Boot, are running a current kernel version signed with the latest EV certificate, and you intend to downgrade kernel to a version lower than any listed in Chapter 1, Notice Description; you must downgrade the shim, grub2 and kernel packages as an atomic operation. Ensure that the shim and grub2 packages are lower than the versions listed in Section 2.1, Upgrading. 3

4

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback