In days of Ubuntu Core 16,18 we made good security restriction, prohibiting installation of unasserted kernel replacing installed asserted one.
I was wondering since the introduction of the
grade in Ubuntu Core 20 model assertion, if we would want to reevaluate this rule for the models with grade
I have no strong opinion either way, but recent experience when customer was trying to test own kernel snap on the development image (grade
dangerous) and eventually needed to reflash the device to permit the test. But for that kernel needed to have its confinement turned to devmode as it was including FDE hook and those require auto connection for first boot. So many hoop to jump through, for simple test.
Do we see grade dangerous as something which might permit this scenario?