Installing unasserted kernel snap on devices with dangerous model

Hi @mvo @pedronis @niemeyer

In the days of Ubuntu Core 16 and 18, we made a good security restriction, prohibiting installation of an unasserted kernel replacing an installed asserted one.

I was wondering, since the introduction of the grade in the Ubuntu Core 20 model assertion, whether we would want to re-evaluate this rule for models with grade dangerous.

I have no strong opinion either way, but in a recent experience a customer was trying to test their own kernel snap on the development image (grade dangerous) and eventually needed to reflash the device to permit the test. But for that, the kernel needed to have its confinement turned to devmode, as it included an FDE hook and those require auto-connection for first boot. So many hoops to jump through for a simple test.

Do we see grade dangerous as something which might permit this scenario?

cheers
Ondra

Seems very reasonable behavior to me for grade: dangerous models

There’s a related bug report https://bugs.launchpad.net/snappy/+bug/191840 about UC20 and grade dangerous.