[Bug 1792575] Re: Boot failure with efi shims from 20180913.0

Wed Jan 9 14:52:35 UTC 2019

Verification-done with shim-signed in xenial-proposed:

ii  shim-signed                   1.33.1~16.04.3+15+1 amd64
Secure Boot chain-loading bootloader (Microsoft-signed binary)

I've checked that a Secure Boot-enabled system correctly validates the
shim binary that gets installed to disk, that it's the correct binary
(Shim 15, commit 3beb971b), and that MokManager can successfully run
(importing a cert). I've also checked that as per the expected changes,
package installation of the new version of shim-signed insists on having
grub2 2.02~beta2-36ubuntu3.20 installed as well.

ubuntu at lucky-moth:~$ sudo hexdump -Cv /boot/efi/EFI/ubuntu/shimx64.efi | grep -A 5 -B 5 \$Ver
sudo: unable to resolve host lucky-moth: Connection refused
000bf9b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000bf9c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000bf9d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000bf9e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000bf9f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000bfa00  55 45 46 49 20 53 48 49  4d 0a 24 56 65 72 73 69  |UEFI SHIM.$Versi|
000bfa10  6f 6e 3a 20 31 35 20 24  0a 24 42 75 69 6c 64 4d  |on: 15 $.$BuildM|
000bfa20  61 63 68 69 6e 65 3a 20  4c 69 6e 75 78 20 78 38  |achine: Linux x8|
000bfa30  36 5f 36 34 20 78 38 36  5f 36 34 20 78 38 36 5f  |6_64 x86_64 x86_|
000bfa40  36 34 20 47 4e 55 2f 4c  69 6e 75 78 20 24 0a 24  |64 GNU/Linux $.$|
000bfa50  43 6f 6d 6d 69 74 3a 20  33 62 65 62 39 37 31 62  |Commit: 3beb971b|

** Tags removed: verification-needed verification-needed-xenial
** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1792575

Title:
  Boot failure with efi shims from 20180913.0

Status in MAAS:
  Invalid
Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2-signed package in Ubuntu:
  Fix Released
Status in shim package in Ubuntu:
  Invalid
Status in shim-signed package in Ubuntu:
  Invalid
Status in grub2 source package in Xenial:
  Fix Released
Status in grub2-signed source package in Xenial:
  Fix Released
Status in shim source package in Xenial:
  Invalid
Status in shim-signed source package in Xenial:
  Fix Committed
Status in grub2 source package in Bionic:
  Fix Released
Status in grub2-signed source package in Bionic:
  Fix Released
Status in shim source package in Bionic:
  Invalid
Status in shim-signed source package in Bionic:
  Fix Released

Bug description:
  [Impact]
  Chainloading grub via grub in a netboot context using MAAS's Boot to local disk feature.

  [Test cases]
  1) Deploy UEFI system using MAAS
  2) After deployment, have the system reboot to local disk (via netboot).

  [Regression potential]
  It is possible that the changes to chainloading logic that evaluates the sizes for various sections of code that gets copied to memory to load the next bootloader might fail to correctly evaluate the sections, or otherwise copy sections incorrectly, but this regression scenario is indistinguishable from the current case, there the system fails to load the next bootloader anyway. Error messages may vary, but the net result for a regression would be an incorrectly loaded bootloader, and thus error messages at boot from grub.

  ---

  We have had several nodes that had been deployed on Sept. 12 and were
  booting correctly fail to boot.

  On the console and during tracing we could see they were getting dhcp
  and pxe information, but then errored out with "relocation failed",
  dropping into a fallback grub menu with a Local boot option.

  After copying over bootx64.efi grubx64.efi from
  https://images.maas.io/ephemeral-v3/daily/bootloaders/uefi/amd64/20180906.0/
  instead of 20180913.0/ and rebooting, boot would commence
  successfully.

  Hardware: Dell R640
  maas 2.3.5-6511-gf466fdb-0ubuntu1~16.04.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/maas/+bug/1792575/+subscriptions