[Bug 1833277] Re: LIvepatch widget should link to secure boot information on error

Will Cooke 1833277 at bugs.launchpad.net
Wed Jun 19 10:31:59 UTC 2019 

We made a start on a wiki page which would detail some of this
information:

https://wiki.ubuntu.com/azzar1/Kernel/Livepatch

Could the current Livepatch wiki page be updated to include more
information about these common problem areas?
(https://wiki.ubuntu.com/Kernel/Livepatch)

We could then link to that wiki page from the notification, or from the
livepatch panel in Software & Updates.

I will ask for input from design here too.


** Tags added: needs-design

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-notifier in Ubuntu.
https://bugs.launchpad.net/bugs/1833277

Title:
  LIvepatch widget should link to secure boot information on error

Status in update-notifier package in Ubuntu:
  Triaged

Bug description:
  The livepatch widget will show an error[0] if patches cannot be
  applied. They cannot be applied on a Secure Boot system unless the
  livepatch signing key is imported. Unfortunately this requires a
  reboot and some confirmation in the UEFI settings, so it can't be
  automated.

  `canonical-livepatch help` displays some instructions to fix this:

  
  SECUREBOOT:
         If you are using secure boot, you will also need to import the livepatch public keys into your keyring.

         This can be done with the following command:
         sudo mokutil --import /snap/canonical-livepatch/current/keys/livepatch-kmod.x509

         After this enter a password if necessary for MOK, then reboot.
         Your BIOS will then guide you through enrolling a new key in MOK.
         At this point you will be able to verify the module signatures.

  This is probably something worth linking to from that error message.
  In general, we might need a page explaining other reasons the kernel
  can't be patched, how to get more details from the system log, etc.

  c at slate:~$ canonical-livepatch status
  client-version: 9.3.0
  architecture: x86_64
  cpu-model: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
  last-check: 2019-06-18T10:40:35-05:00
  boot-time: 2019-06-18T11:05:06-05:00
  uptime: 50m59s
  status:
  - kernel: 4.15.0-51.55-generic
    running: true
    livepatch:
      checkState: check-failed
      patchState: apply-failed
      version: "52.3"
      fixes: |-
        * CVE-2019-11477
        * CVE-2019-11478

  [0] https://drive.google.com/file/d/1cQbtCNE-
  ekoPO159SJDwKrjPGpkSuucm/view?usp=sharing

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1833277/+subscriptions

More information about the foundations-bugs mailing list