[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy

Adam Conrad adconrad at 0c3.net
Mon Jul 22 10:13:04 UTC 2013 

Hello Petter, or anyone else affected,

Accepted ubiquity into precise-proposed. The package will build now and
be available at http://launchpad.net/ubuntu/+source/ubiquity/2.10.26 in
a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: ubiquity (Ubuntu Precise)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1184297

Title:
  Secure boot failed, claiming boot is against security policy

Status in “base-installer” package in Ubuntu:
  Fix Released
Status in “grub-installer” package in Ubuntu:
  Fix Released
Status in “grub2” package in Ubuntu:
  Fix Released
Status in “grub2-signed” package in Ubuntu:
  Fix Released
Status in “ubiquity” package in Ubuntu:
  Fix Released
Status in “base-installer” source package in Precise:
  Fix Committed
Status in “grub-installer” source package in Precise:
  Fix Committed
Status in “grub2” source package in Precise:
  Fix Committed
Status in “grub2-signed” source package in Precise:
  Fix Committed
Status in “ubiquity” source package in Precise:
  Fix Committed

Bug description:
  --- SRU ---
  == Rational ==
  Some machines aren't detected as using SecureBoot at installation time, however require SecureBoot post-installation. The easiest way to deal with this is to install shim-signed, grub-efi-amd64-signed and linux-image-signed on every UEFI machine.

  == Test case ==
  1) Install the 64bit version of Ubuntu on a UEFI machine with SecureBoot disabled
  2) Check that linux-image-signed-*, grub-efi-amd64-signed and shim-signed are installed post-install
  3) Check that sudo efibootmgr -v reports the Ubuntu entry as booting shimx64.efi

  == Regression potential ==
  This will significantly widen the range of machines that will boot through the shim so it's not impossible that a shim bug could prevent some of them from booting.
  However I don't think this is a huge issue as the livecd itself already boots through shim, so if they managed to install Ubuntu in the first place, it should still work once that change lands.

  --- original bug report ---
  I've struggled to install Linux on a Packard Bell EasyNote LV11HC, without having to accept the Windows 8 license, and my progress is documented in http://www.linlap.com/packard_bell_easynote_lv .  Had to pull the hard drive and install to a USB stick to be able to get into the firmware menu and enable the F12 boot menu. After finally being able to install Ubuntu 13.04 on the hard drive, the UEFI firmware refused to boot the hard drive, claiming it was against the security policy.  I was able to boot Ubuntu by powering on again and using F12 to pick the hard drive.

  No idea what is wrong, but can help with debugging the next few days
  before I switch to legacy BIOS and put it into production.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: shim 0~20120906.bcd0a4e8-0ubuntu4
  ProcVersionSignature: Ubuntu 3.8.0-22.33-generic 3.8.11
  Uname: Linux 3.8.0-22-generic x86_64
  ApportVersion: 2.9.2-0ubuntu8
  Architecture: amd64
  Date: Sun May 26 11:14:38 2013
  Dependencies:

  InstallationDate: Installed on 2013-05-26 (0 days ago)
  InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
  MarkForUpload: True
  SourcePackage: shim
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions

More information about the foundations-bugs mailing list