Ubuntu Studio 22.04.1 and Secure Boot

Simon Quigley simon at tsimonq2.net
Tue Aug 2 17:16:53 UTC 2022


This email is meant to provide an update on Ubuntu Studio's Secure Boot 
situation in 22.04.1.

Currently, UEFI Secure Boot installs fail with Ubuntu Studio 22.04 due 
to the inclusion of the v4loopback DKMS module, which Erich intends to 
remove from the seed in order to fix this bug. In #ubuntu-release I was 
reading scrollback from Erich and Ɓukasz, and there seems to be an issue 
with germinate grabbing that dependency despite removing it in the seed 

Iain Lane chimed in and pointed me to this line[1] in germinate which 
grabs those packages. I have to agree, it's an impressive line of code.

I am willing and able to do the vast majority of the work in 
fast-tracking this through. However, I am in unfamiliar territory since 
I do not have SSH access to the server to just take a peek at logs. In 
terms of testing it, I'd like someone from Canonical to provide 
technical advice on how to properly solve this. Iain (while his feedback 
was very useful), did note he may be rusty.

As for why this is coming up *now* in the first place, I don't have the 
slightest clue. In the year 2022, flavors need to at least smoke test 
*once*, *especially* for an LTS release, to ensure Secure Boot works. 
Look, I get it, flavor teams may be short-staffed, some more than 
others, but we really need to take a look at our QA processes as the 
Ubuntu project to ensure something basic like this is caught in every 
flavor. (Yes, I'm volunteering to write the ISO QA tests.) It's 
embarrassing, as a fellow Ubuntu Flavor RM, that something like this was 
not caught and brought to the attention of the Release Team 
*immediately*. This isn't personal, I'm not trying to roast anyone in 
particular, but come on everyone, we really need to do better here. I'll 
link Lubuntu's thorough test suite here[2], and I would suggest other 
flavors take our example.

Despite my personal regrets on how this should have been handled, we 
have two days. Let's focus on this first, and we can bikeshed on QA 
processes afterwards.

[1] https://git.launchpad.net/livecd-rootfs/tree/live-build/auto/config#n132
[2] https://phab.lubuntu.me/w/release-team/testing-checklist/

Simon Quigley
simon at tsimonq2.net
tsimonq2 on LiberaChat and OFTC
@tsimonq2:linuxdelta.com on Matrix
5C7A BEA2 0F86 3045 9CC8
C8B5 E27F 2CF8 458C 2FA4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-release/attachments/20220802/5f24ac6d/attachment.sig>

More information about the Ubuntu-release mailing list