[Bug 1892754] Re: Unable to boot in UEFI+secure boot mode

sudodus 1892754 at bugs.launchpad.net
Fri Aug 28 12:20:59 UTC 2020 

Additional test results:

- As before, the Lenovo V130 can boot when the current daily Lubuntu
Groovy iso file is used to create a persistent live drive with mkusb
(with the setting 'upefi', using 'usb-pack-efi'). This indicates that
there is a security problem with grub.

- The Dell Precision M4800 does *not* boot when the current daily
Lubuntu Groovy iso file is used to create a persistent live drive with
mkusb (with the setting 'upefi', using 'usb-pack-efi'). The internal
Ubuntu 20.04.1 LTS system is up to date, and I think that the new
stricter checks to fix the boothole security bug is active in this
computer.

Extra comments:

- The internal system in the Lenovo V130 has not been upgraded recently
because that computer has not been used except for this test to boot a
live system).

- I must probably upgrade the 'usb-pack-efi' of mkusb with a grub
version, that passes the new stricter checks to fix the boothole
security bug.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1892754

Title:
  Unable to boot in UEFI+secure boot mode

Status in grub2 package in Ubuntu:
  Confirmed

Bug description:
  The problem:

  Trying to install the QA daily build for Kubuntu Groovy 20200824 -
  when booting from the USB boot media I receive the following error:

  Error

  Verification failed: 
  (0x1A) security violation 

  Followed by an OK box - which when selected offers to import the SHIM
  key

  This error occurred on 2 machines running in UEFI+secure boot mode:

  1: Dell [Inspiron] 3521, (i3-3217U, 4GB, Intel HD Graphics 4000, Intel
  HM76 chipset 10/100 Mbps ethernet controller integrated on system
  board, WiFi 802.11 b/g/N, Bluetooth 4.0, 500 GB hd)

  2: Acer [Aspire] E3-111-P60S (Pent.N3530, 4GB, Intel HD Graphics,
  Realtek  RTL8111/81681/8411 GB Ethernet, Qualcomm Atheros AR9462
  Wireless, Bluetooth Atheros A315-53, 500 GB hd)

  Disabling secure boot the machines then boot normally in UEFI mode

  Will test further some of the other flavors..

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1892754/+subscriptions

More information about the foundations-bugs mailing list