[Bug 1980358] Re: ARM64 images don't boot when secureboot is enabled

Launchpad Bug Tracker 1980358 at bugs.launchpad.net
Mon Jul 11 07:28:19 UTC 2022 

This bug was fixed in the package livecd-rootfs - 2.525.59

---------------
livecd-rootfs (2.525.59) bionic; urgency=medium

  * ubuntu-cpc: Install `shim-signed` and `grub-efi-arm64-signed` to enable
    secureboot on ARM64 images (LP: #1980358)

 -- Ivan Kapelyukhin <ivan.kapelyukhin at canonical.com>  Thu, 30 Jun 2022
14:10:50 +0200

** Changed in: livecd-rootfs (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/1980358

Title:
  ARM64 images don't boot when secureboot is enabled

Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in livecd-rootfs source package in Bionic:
  Fix Released
Status in livecd-rootfs source package in Focal:
  Fix Released
Status in livecd-rootfs source package in Impish:
  Fix Released
Status in livecd-rootfs source package in Jammy:
  Fix Released

Bug description:
  [Impact]

   * This is a backport to focal and bionic of arm64 secureboot enablement work that has already been released in jammy.
   * Users wishing to use secureboot to boot ARM64 bionic and focal cloud images will fail. This is due to the bionic and focal images including incorrect grub EFI binaries. The correct grub EFI binaries, that are included in jammy arm64 cloud images are `shim-signed` and `grub-efi-arm64-signed`.

  [Test Plan]

   * Create bionic and focal arm64 images using the updated livecd-rootfs
   * Test that both bionic and focal arm64 images boot successfully on a cloud platform that requires secureboot
   * Test that non-secureboot functionality has not regressed by testing that both bionic and focal images successfully boot on a cloud platform where secureboot is not required

  [Where problems could occur]

   * A lot of different derivative images inherit from `disk-image-uefi.binary`, this change
     has the potential to tamper with the arcane matters related to boot

  [Other Info]

   * This is a backport, images of Jammy and newer have had those changes since release
   * There is an SRU exception for livecd-rootfs described here: https://wiki.ubuntu.com/StableReleaseUpdates#livecd-rootfs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/1980358/+subscriptions

More information about the foundations-bugs mailing list