[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy

Launchpad Bug Tracker 1184297 at bugs.launchpad.net
Fri Jul 19 23:24:48 UTC 2013 

** Branch linked: lp:ubuntu/precise-proposed/grub2

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1184297

Title:
  Secure boot failed, claiming boot is against security policy

Status in “base-installer” package in Ubuntu:
  Fix Released
Status in “grub-installer” package in Ubuntu:
  Fix Released
Status in “grub2” package in Ubuntu:
  Fix Released
Status in “grub2-signed” package in Ubuntu:
  Fix Released
Status in “ubiquity” package in Ubuntu:
  Fix Released
Status in “base-installer” source package in Precise:
  Fix Committed
Status in “grub-installer” source package in Precise:
  Fix Committed
Status in “grub2” source package in Precise:
  Fix Committed
Status in “grub2-signed” source package in Precise:
  Triaged
Status in “ubiquity” source package in Precise:
  Triaged

Bug description:
  --- SRU ---
  == Rational ==
  Some machines aren't detected as using SecureBoot at installation time, however require SecureBoot post-installation. The easiest way to deal with this is to install shim-signed, grub-efi-amd64-signed and linux-image-signed on every UEFI machine.

  == Test case ==
  1) Install the 64bit version of Ubuntu on a UEFI machine with SecureBoot disabled
  2) Check that linux-image-signed-*, grub-efi-amd64-signed and shim-signed are installed post-install
  3) Check that sudo efibootmgr -v reports the Ubuntu entry as booting shimx64.efi

  == Regression potential ==
  This will significantly widen the range of machines that will boot through the shim so it's not impossible that a shim bug could prevent some of them from booting.
  However I don't think this is a huge issue as the livecd itself already boots through shim, so if they managed to install Ubuntu in the first place, it should still work once that change lands.

  --- original bug report ---
  I've struggled to install Linux on a Packard Bell EasyNote LV11HC, without having to accept the Windows 8 license, and my progress is documented in http://www.linlap.com/packard_bell_easynote_lv .  Had to pull the hard drive and install to a USB stick to be able to get into the firmware menu and enable the F12 boot menu. After finally being able to install Ubuntu 13.04 on the hard drive, the UEFI firmware refused to boot the hard drive, claiming it was against the security policy.  I was able to boot Ubuntu by powering on again and using F12 to pick the hard drive.

  No idea what is wrong, but can help with debugging the next few days
  before I switch to legacy BIOS and put it into production.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: shim 0~20120906.bcd0a4e8-0ubuntu4
  ProcVersionSignature: Ubuntu 3.8.0-22.33-generic 3.8.11
  Uname: Linux 3.8.0-22-generic x86_64
  ApportVersion: 2.9.2-0ubuntu8
  Architecture: amd64
  Date: Sun May 26 11:14:38 2013
  Dependencies:

  InstallationDate: Installed on 2013-05-26 (0 days ago)
  InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
  MarkForUpload: True
  SourcePackage: shim
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions

More information about the foundations-bugs mailing list