Hi yamato, thank you! Good news, this time the fix is working and I was able to kdump in my secureboot system. So, I'll move on and change title/component/description of this LP to proceed with the SRU - I hope next kernel (after 4.15.0-97) will have the fix =)
In order to test the kernel, you must follow the below procedures (as root user): [I assume you don't have the proposed pocket enabled in your system, if so please disable it before testing] add-apt-repository ppa:gpiccoli/test1869672-2 apt-get update apt-get install linux-image-4.15.0-97-generic linux-modules-4.15.0-97-generic linux-modules-extra-4.15.0-97-generic Then, get the file: http://ppa.launchpad.net/gpiccoli/test1869672-2/ubuntu/dists/bionic/main/signed /linux-amd64/4.15.0-97.98+TEST0000000v20200423b3/signed.tar.gz Extract it and you'll see a file uefi.crt in "control/" folder. You can use the following command to extract its .DER key: openssl x509 -in uefi.crt -outform der -out cert.der Finally, I'm running "mokutil --import cert.der" to enroll the certificate on shim. After that, you must reboot and you firmware should present you a MOK utility to enroll the key (OVMF does, I need to access through serial console when booting). With all these steps, I was able to test successfully the kernel, and produced a kernel dump. Cheers, Guilherme ** Summary changed: - kdump kernel can't be loaded using kernel 4.15.0-76 + Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load ** Also affects: linux (Ubuntu) Importance: Undecided Status: New ** No longer affects: makedumpfile (Ubuntu) ** Changed in: linux (Ubuntu) Status: New => In Progress ** Changed in: linux (Ubuntu Bionic) Status: New => In Progress ** Changed in: linux (Ubuntu) Importance: Undecided => High ** Changed in: linux (Ubuntu Bionic) Importance: Undecided => High ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli) ** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to makedumpfile in Ubuntu. https://bugs.launchpad.net/bugs/1869672 Title: Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: In Progress Status in makedumpfile source package in Bionic: In Progress Bug description: Thank you for reading this report. This may caused by bugs in kernel, not in kdump. If so, I will report this to kernel team. I need your comment to solve this. [Impact] * Kdump kernel can't be loaded using linux kernel 4.15.0-76. [Environment] Description: Ubuntu 18.04.4 LTS Release: 18.04 uname: Linux ubuntu 4.15.0-76-generic #86-Ubuntu SMP Fri Jan 17 17:24:28 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux Secure boot is enabled. Versions: * kexec-tools/bionic-updates,now 1:2.0.16-1ubuntu1.1 * kdump-tools/bionic-updates,now 1:1.6.5-1ubuntu1~18.04.4 [Test case] 1)After OS booted, run systemctl status kdump-tools shows these messages below: .... ● kdump-tools.service - Kernel crash dump capture service Loaded: loaded (/lib/systemd/system/kdump-tools.service; enabled; vendor preset: enabled) Active: active (exited) since Fri 2020-03-27 16:40:31 JST; 5min ago Process: 895 ExecStart=/etc/init.d/kdump-tools start (code=exited, status=0/SUCCESS) Main PID: 895 (code=exited, status=0/SUCCESS) Mar 27 16:40:31 ubuntu systemd[1]: Starting Kernel crash dump capture service... Mar 27 16:40:31 ubuntu kdump-tools[895]: Starting kdump-tools: * Creating symlink /var/lib/kdump/vmlinuz Mar 27 16:40:31 ubuntu kdump-tools[895]: * Creating symlink /var/lib/kdump/initrd.img Mar 27 16:40:31 ubuntu kdump-tools[895]: kexec_file_load failed: Exec format error Mar 27 16:40:31 ubuntu kdump-tools[895]: * failed to load kdump kernel Mar 27 16:40:31 ubuntu systemd[1]: Started Kernel crash dump capture service. .... 2)Run kexec directly: $ sudo /sbin/kexec -p --command-line="/boot/vmlinuz-4.15.0-76-generic root=UUID=29a89ad8-8923-435e-a88c-aaf5cb379568 ro mce=ignore_ce reset_devices systemd.unit=kdump-tools-dump.service nr_cpus=1 irqpoll nousb ata_piix.prefer_ms_hyperv=0" --initrd=/boot/initrd.img-4.15.0-76-generic /boot/vmlinuz-4.15.0-64-generic Then,these messages are shown: Cannot open /proc/kcore: Operation not permitted Cannot read /proc/kcore: Operation not permitted Cannot load /boot/vmlinuz-4.15.0-76-generic On dmesg, these messages are shown: .... [ 538.524718] Lockdown: /proc/kcore is restricted; see man kernel_lockdown.7 .... 3) Changing OS kernel to older one(I used 4.15.0-64), kdump kernel can be loaded. $ sudo systemctl status kdump-tools ● kdump-tools.service - Kernel crash dump capture service Loaded: loaded (/lib/systemd/system/kdump-tools.service; enabled; vendor preset: enabled) Active: active (exited) since Wed 2020-03-25 13:39:03 JST; 5 days ago Main PID: 832 (code=exited, status=0/SUCCESS) Tasks: 0 (limit: 4915) CGroup: /system.slice/kdump-tools.service Mar 25 13:39:02 ubuntu systemd[1]: Starting Kernel crash dump capture service... Mar 25 13:39:02 ubuntu kdump-tools[832]: Starting kdump-tools: * Creating symlink /var/lib/kdump/vmlinuz Mar 25 13:39:02 ubuntu kdump-tools[832]: * Creating symlink /var/lib/kdump/initrd.img Mar 25 13:39:03 ubuntu kdump-tools[832]: * loaded kdump kernel Mar 25 13:39:03 ubuntu kdump-tools[938]: loaded kdump kernel Mar 25 13:39:03 ubuntu systemd[1]: Started Kernel crash dump capture service. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1869672/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
