[Bug 2008120] [NEW] Third-party drivers are silently left unsigned when installing Ubuntu Desktop on a system with Secure Boot, Broadcom WiFi, and LVM+encryption

Aaron Rainbolt 2008120 at bugs.launchpad.net
Wed Feb 22 18:23:12 UTC 2023 

Public bug reported:

Hardware: HP Elitebook 8570p, 120 GB SSD, 16 GB RAM, Intel Core
i5-3210m, UEFI, Secure Boot enabled. Using the Ubuntu 22.04.2 release
candidate.

Steps to reproduce:
1. Flash the Ubuntu Desktop 22.04.2 ISO to a USB drive using balenaEtcher. (I flashed mine to an SD card using an SD card slot in a different laptop, then put the SD card in a card reader and booted this laptop from it, but that shouldn't make any difference.)
2. Using the new USB drive, boot a laptop with UEFI, Secure Boot enabled, and Broadcom WiFi.
3. When the welcome screen appears, click "Install Ubuntu".
4. When given the option, enable third-party drivers and enter a password for configuring Secure Boot.
5. When presented with the 'Installation type' screen, choose to erase the entire disk and install Ubuntu, then enable LVM+encryption.
6. Proceed with the rest of the installation as normal.
7. When installation is finished, reboot. You will see the MOK enrollment screen.
8. Enroll the MOK using the same password you entered during the installation process.
9. Reboot again.

Expected result: When the Ubuntu desktop appears, WiFi should be fully
functional.

Actual result: WiFi is disabled when the Ubuntu desktop appears, and
cannot be enabled.

Notes:

Attempting to manually load the Broadcom WiFi driver via "sudo modprobe
wl" resulted in the error "modprobe: ERROR: could not insert 'wl': Key
was rejected by service".

I was able to get WiFi working after installation by running "sudo dpkg-
reconfigure bcmwl-kernel-source". This prompted me to enroll a MOK *a
second time*. I used the same password for the second enrollment. I
rebooted the system after using dpkg-reconfigure and I was indeed
presented with the MOKManager screen. After enrolling this second MOK, I
rebooted and WiFi worked as expected.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubiquity (not installed)
ProcVersionSignature: Ubuntu 5.19.0-32.33~22.04.1-generic 5.19.17
Uname: Linux 5.19.0-32-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Wed Feb 22 12:13:32 2023
InstallCmdLine: BOOT_IMAGE=/casper/vmlinuz file=/cdrom/preseed/ubuntu.seed maybe-ubiquity quiet splash ---
InstallationDate: Installed on 2023-02-22 (0 days ago)
InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230217.1)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ubiquity
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: ubiquity (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug jammy ubiquity-22.04.19 wayland-session

** Description changed:

  Hardware: HP Elitebook 8570p, 120 GB SSD, 16 GB RAM, Intel Core
- i5-3210m, UEFI, Secure Boot enabled.
+ i5-3210m, UEFI, Secure Boot enabled. Using the Ubuntu 22.04.2 release
+ candidate.
  
  Steps to reproduce:
- 1. Flash the Ubuntu Desktop ISO to a USB drive using balenaEtcher. (I flashed mine to an SD card using an SD card slot in a different laptop, then put the SD card in a card reader and booted this laptop from it, but that shouldn't make any difference.)
+ 1. Flash the Ubuntu Desktop 22.04.2 ISO to a USB drive using balenaEtcher. (I flashed mine to an SD card using an SD card slot in a different laptop, then put the SD card in a card reader and booted this laptop from it, but that shouldn't make any difference.)
  2. Using the new USB drive, boot a laptop with UEFI, Secure Boot enabled, and Broadcom WiFi.
  3. When the welcome screen appears, click "Install Ubuntu".
  4. When given the option, enable third-party drivers and enter a password for configuring Secure Boot.
  5. When presented with the 'Installation type' screen, choose to erase the entire disk and install Ubuntu, then enable LVM+encryption.
  6. Proceed with the rest of the installation as normal.
  7. When installation is finished, reboot. You will see the MOK enrollment screen.
  8. Enroll the MOK using the same password you entered during the installation process.
  9. Reboot again.
  
  Expected result: When the Ubuntu desktop appears, WiFi should be fully
  functional.
  
  Actual result: WiFi is disabled when the Ubuntu desktop appears, and
  cannot be enabled.
  
  Notes:
  
  Attempting to manually load the Broadcom WiFi driver via "sudo modprobe
  wl" resulted in the error "modprobe: ERROR: could not insert 'wl': Key
  was rejected by service".
  
  I was able to get WiFi working after installation by running "sudo dpkg-
  reconfigure bcmwl-kernel-source". This prompted me to enroll a MOK *a
  second time*. I used the same password for the second enrollment. I
  rebooted the system after using dpkg-reconfigure and I was indeed
  presented with the MOKManager screen. After enrolling this second MOK, I
  rebooted and WiFi worked as expected.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: ubiquity (not installed)
  ProcVersionSignature: Ubuntu 5.19.0-32.33~22.04.1-generic 5.19.17
  Uname: Linux 5.19.0-32-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.11-0ubuntu82.3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Feb 22 12:13:32 2023
  InstallCmdLine: BOOT_IMAGE=/casper/vmlinuz file=/cdrom/preseed/ubuntu.seed maybe-ubiquity quiet splash ---
  InstallationDate: Installed on 2023-02-22 (0 days ago)
  InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230217.1)
  ProcEnviron:
-  TERM=xterm-256color
-  PATH=(custom, no user)
-  XDG_RUNTIME_DIR=<set>
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  TERM=xterm-256color
+  PATH=(custom, no user)
+  XDG_RUNTIME_DIR=<set>
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: ubiquity
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/2008120

Title:
  Third-party drivers are silently left unsigned when installing Ubuntu
  Desktop on a system with Secure Boot, Broadcom WiFi, and
  LVM+encryption

Status in ubiquity package in Ubuntu:
  New

Bug description:
  Hardware: HP Elitebook 8570p, 120 GB SSD, 16 GB RAM, Intel Core
  i5-3210m, UEFI, Secure Boot enabled. Using the Ubuntu 22.04.2 release
  candidate.

  Steps to reproduce:
  1. Flash the Ubuntu Desktop 22.04.2 ISO to a USB drive using balenaEtcher. (I flashed mine to an SD card using an SD card slot in a different laptop, then put the SD card in a card reader and booted this laptop from it, but that shouldn't make any difference.)
  2. Using the new USB drive, boot a laptop with UEFI, Secure Boot enabled, and Broadcom WiFi.
  3. When the welcome screen appears, click "Install Ubuntu".
  4. When given the option, enable third-party drivers and enter a password for configuring Secure Boot.
  5. When presented with the 'Installation type' screen, choose to erase the entire disk and install Ubuntu, then enable LVM+encryption.
  6. Proceed with the rest of the installation as normal.
  7. When installation is finished, reboot. You will see the MOK enrollment screen.
  8. Enroll the MOK using the same password you entered during the installation process.
  9. Reboot again.

  Expected result: When the Ubuntu desktop appears, WiFi should be fully
  functional.

  Actual result: WiFi is disabled when the Ubuntu desktop appears, and
  cannot be enabled.

  Notes:

  Attempting to manually load the Broadcom WiFi driver via "sudo
  modprobe wl" resulted in the error "modprobe: ERROR: could not insert
  'wl': Key was rejected by service".

  I was able to get WiFi working after installation by running "sudo
  dpkg-reconfigure bcmwl-kernel-source". This prompted me to enroll a
  MOK *a second time*. I used the same password for the second
  enrollment. I rebooted the system after using dpkg-reconfigure and I
  was indeed presented with the MOKManager screen. After enrolling this
  second MOK, I rebooted and WiFi worked as expected.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: ubiquity (not installed)
  ProcVersionSignature: Ubuntu 5.19.0-32.33~22.04.1-generic 5.19.17
  Uname: Linux 5.19.0-32-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.11-0ubuntu82.3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Feb 22 12:13:32 2023
  InstallCmdLine: BOOT_IMAGE=/casper/vmlinuz file=/cdrom/preseed/ubuntu.seed maybe-ubiquity quiet splash ---
  InstallationDate: Installed on 2023-02-22 (0 days ago)
  InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230217.1)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: ubiquity
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/2008120/+subscriptions

More information about the foundations-bugs mailing list