[Bug 1652147] Re: UEFI secure boot fails after 14.04 to 16.04 upgrade
Andy Whitcroft
apw at canonical.com
Mon Jan 9 10:02:20 UTC 2017
Confirming the version installed was the withdrawn shim SRU from trusty,
still installed in the xenial system.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1652147
Title:
UEFI secure boot fails after 14.04 to 16.04 upgrade
Status in ubuntu-release-upgrader package in Ubuntu:
New
Bug description:
I did a release upgrade from fully upgraded Trusty/14.04.x to Xenial/16.04 today (amd64). There was no indication of any problems during the upgrade. Only oddly asking to disable secure boot on the shim level again (already had done this on Trusty). Also I had the proposed pocket enabled in Trusty before doing the upgrade (update-manager).
After reboot I get a textual error message that "image verification has failed" and I am presented with a menu to select a different UEFI element (this is a Lenovo x230).
I can disable secure boot in the BIOS and am then able to boot.
Not sure this is related to the issue but from the system booted without secure boot I tried to run sbverify and it returns the same error for all EFI binaries I tried:
# sbverify shimx64.efi
warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
PKCS7 verification failed
140313718134424:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:336:Verify error:unable to get local issuer certificate
Signature verification failed
If there is any other info that is needed, let me know. Or/and if
there are any steps to resolve the issue, let me know, too.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1652147/+subscriptions
More information about the foundations-bugs
mailing list