[Bug 1811722] Re: arm64: shim crashes in SecureBoot mode w/ some firmware
Launchpad Bug Tracker
1811722 at bugs.launchpad.net
Mon Feb 10 14:23:14 UTC 2020
This bug was fixed in the package shim - 15+1552672080.a4a1fbe-0ubuntu1
---------------
shim (15+1552672080.a4a1fbe-0ubuntu1) eoan; urgency=medium
* New upstream snapshot 15+1552672080.a4a1fbe.
* debian/patches/VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprin.patch,
debian/patches/fixup_git.patch: drop patches included in upstream.
* debian/patches/MokManager-avoid-unaligned.patch: Fix compilation with GCC9:
avoid -Werror=address-of-packed-member errors in MokManager.
* debian/patches/tpm-correctness-1.patch,
debian/patches/tpm-correctness-2.patch: fix issues in TPM calls to ensure
the measurements are consistent with what is entered in the TPM event log.
* debian/patches/tpm-correctness-3.patch: Don't log duplicate identical
TPM events.
* debian/patches/MokManager-hidpi-support.patch: Do a little bit more to
try to get a more usable screen resolution for MokManager when running on
HiDPI screens; by trying to detect such cases and switching to mode 0.
* debian/rules: update COMMIT_ID explicitly for this new snapshot.
-- Mathieu Trudel-Lapierre <cyphermox at ubuntu.com> Fri, 11 Oct 2019
16:32:32 -0400
** Changed in: shim (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1811722
Title:
arm64: shim crashes in SecureBoot mode w/ some firmware
Status in shim package in Ubuntu:
Fix Released
Status in shim-signed package in Ubuntu:
Fix Committed
Bug description:
On some firmware, attempting SecureBoot on arm64 will result in a
crash. This is reproducible with a build of latest upstream EDK2 for
the ArmVirtQemu target, but not with the older version we have
packaged (edk2 0~20181115.85588389-2ubuntu1). The reason appears to be
that our older version of edk2 had the firmware flash mapped at 0x0,
which allowed NULL pointer dereferences to silently succeed. Latest
upstream has changed that, so now such accesses result in a
Synchronous Exception.
Even though we can boot in SecureBoot mode successfully with the old
firmware, I've found that doing so results in a corrupted firmware
image, making subsequent boots fail. It maybe that the memory access
that leads to the Synchronous Exception on newer firmware is a write
to the firmware region that is causing the corruption, and therefore
the same underlying root cause.
Note that I can also reproduce this with latest upstream GRUB. I
looked for possible fixes for this in shim upstream, in case it is a
problem with how shim invokes GRUB - or an issue with the Protocols
shim registers. The only change I see that might be relevant that we
don't already have is "6df7a8f Fix for "Section 0 has negative size"
error when loading fbaa64.efi", but I could still reproduce after
applying that.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1811722/+subscriptions
More information about the foundations-bugs
mailing list