[Bug 1980358] Re: ARM64 images don't boot when secureboot is enabled
Andrew Cloke
1980358 at bugs.launchpad.net
Wed Jul 6 11:23:57 UTC 2022
** Description changed:
[Impact]
- * ARM64 images fail to boot when secureboot is enabled, this is due to Focal and Bionic
- images having unsigned `shim` and `grub-efi-arm64`
+ * This is a backport to focal and bionic of arm64 secureboot enablement work that has already been released in jammy.
+ * Users wishing to use secureboot to boot ARM64 bionic and focal cloud images will fail. This is due to the bionic and focal images including incorrect grub EFI binaries. The correct grub EFI binaries, that are included in jammy arm64 cloud images are `shim-signed` and `grub-efi-arm64-signed`.
[Test Plan]
* Build an ARM64 image and ensure that it boots when secureboot is
enabled
[Where problems could occur]
* A lot of different derivative images inherit from `disk-image-uefi.binary`, this change
has the potential to tamper with the arcane matters related to boot
[Other Info]
* This is a backport, images of Jammy and newer have had those changes since release
- * There is an SRU exception for livecd-rootfs described here: https://wiki.ubuntu.com/StableReleaseUpdates#livecd-rootfs
+ * There is an SRU exception for livecd-rootfs described here: https://wiki.ubuntu.com/StableReleaseUpdates#livecd-rootfs
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/1980358
Title:
ARM64 images don't boot when secureboot is enabled
Status in livecd-rootfs package in Ubuntu:
Fix Released
Status in livecd-rootfs source package in Bionic:
New
Status in livecd-rootfs source package in Focal:
New
Status in livecd-rootfs source package in Impish:
Fix Released
Status in livecd-rootfs source package in Jammy:
Fix Released
Bug description:
[Impact]
* This is a backport to focal and bionic of arm64 secureboot enablement work that has already been released in jammy.
* Users wishing to use secureboot to boot ARM64 bionic and focal cloud images will fail. This is due to the bionic and focal images including incorrect grub EFI binaries. The correct grub EFI binaries, that are included in jammy arm64 cloud images are `shim-signed` and `grub-efi-arm64-signed`.
[Test Plan]
* Create bionic and focal arm64 images using the updated livecd-rootfs
* Test that both bionic and focal arm64 images boot successfully on a cloud platform that requires secureboot
* Test that non-secureboot functionality has not regressed by testing that both bionic and focal images successfully boot on a cloud platform where secureboot is not required
[Where problems could occur]
* A lot of different derivative images inherit from `disk-image-uefi.binary`, this change
has the potential to tamper with the arcane matters related to boot
[Other Info]
* This is a backport, images of Jammy and newer have had those changes since release
* There is an SRU exception for livecd-rootfs described here: https://wiki.ubuntu.com/StableReleaseUpdates#livecd-rootfs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/1980358/+subscriptions
More information about the foundations-bugs
mailing list