[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package grub2-signed - 1.9~ubuntu12.04.4 --- grub2-signed (1.9~ubuntu12.04.4) precise-proposed; urgency=low * Rebuild against grub-efi-amd64 1.99-21ubuntu3.10. (LP: #1184297) -- Stephane GraberFri, 19 Jul 2013 20:03:16 -0400 ** Changed in: ubiquity (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package grub-installer - 1.68ubuntu5.2 --- grub-installer (1.68ubuntu5.2) precise-proposed; urgency=low * Always use grub-efi-amd64-signed on 64bit UEFI systems instead of relying on SecureBoot detection. (LP: #1184297) -- Stephane GraberFri, 19 Jul 2013 14:11:15 -0400 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package base-installer - 1.122ubuntu7.3 --- base-installer (1.122ubuntu7.3) precise-proposed; urgency=low * Install the signed kernels on any 64bit UEFI machine. (LP: #1184297) -- Stephane GraberFri, 19 Jul 2013 14:10:26 -0400 ** Changed in: base-installer (Ubuntu Precise) Status: Fix Committed => Fix Released ** Changed in: grub-installer (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package ubiquity - 2.10.26 --- ubiquity (2.10.26) precise-proposed; urgency=low * Automatic update of included source packages: base-installer 1.122ubuntu7.3, grub-installer 1.68ubuntu5.2. (LP: #1184297) * Install the shim and signed grub and kernels by default on all UEFI machines instead of relying on the SecureBoot nvram variable. (LP: #1184297) -- Stephane GraberFri, 19 Jul 2013 19:59:43 -0400 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package grub2 - 1.99-21ubuntu3.10 --- grub2 (1.99-21ubuntu3.10) precise-proposed; urgency=low * Add ubuntu_shim_by_default.patch that makes any EFI system boot into the shim (if installed) even if SecureBoot is disabled. (LP: #1184297) -- Stephane GraberFri, 19 Jul 2013 14:14:16 -0400 ** Changed in: grub2 (Ubuntu Precise) Status: Fix Committed => Fix Released ** Changed in: grub2-signed (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
Tested this in OVMF, confirmed that the old precise image wouldn't install the signed packages and would boot an unsigned grub. The new image (latest daily using proposed) now installs all the signed file and boots through shimx64. The only difference I noticed is 5 efi disk errors when booting under OVMF, those for some reason only appear with the signed grub but after a bit of debug time with Colin, it seems to be related to two broken floppy images being exposed by OVMF so it shouldn't actually show up on any actual hardware (unless they have a firmware as broken as OVMF). ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
Hello Petter, or anyone else affected, Accepted ubiquity into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/ubiquity/2.10.26 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: ubiquity (Ubuntu Precise) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Branch linked: lp:ubuntu/precise-proposed/grub2-signed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
Hello Petter, or anyone else affected, Accepted grub2-signed into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/grub2-signed/1.9~ubuntu12.04.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: grub2-signed (Ubuntu Precise) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
Hello Petter, or anyone else affected, Accepted grub-installer into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/grub- installer/1.68ubuntu5.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: grub-installer (Ubuntu Precise) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Changed in: grub2-signed (Ubuntu Precise) Status: Triaged => In Progress ** Changed in: ubiquity (Ubuntu Precise) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Branch linked: lp:ubuntu/precise-proposed/base-installer -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Branch linked: lp:ubuntu/precise-proposed/grub2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Branch linked: lp:ubuntu/precise-proposed/grub-installer -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
Hello Petter, or anyone else affected, Accepted grub2 into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/grub2/1.99-21ubuntu3.10 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: grub2 (Ubuntu Precise) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package base-installer - 1.122ubuntu16 --- base-installer (1.122ubuntu16) saucy; urgency=low * Install the signed kernels on any 64bit UEFI machine. (LP: #1184297) -- Stephane GraberFri, 19 Jul 2013 11:30:15 -0400 ** Branch linked: lp:ubuntu/saucy-proposed/base-installer ** Changed in: base-installer (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
Hello Petter, or anyone else affected, Accepted base-installer into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/base- installer/1.122ubuntu7.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: base-installer (Ubuntu Precise) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Description changed: - I've struggled to install Linux on a Packard Bell EasyNote LV11HC, - without having to accept the Windows 8 license, and my progress is - documented in http://www.linlap.com/packard_bell_easynote_lv . Had to - pull the hard drive and install to a USB stick to be able to get into - the firmware menu and enable the F12 boot menu. After finally being able - to install Ubuntu 13.04 on the hard drive, the UEFI firmware refused to - boot the hard drive, claiming it was against the security policy. I was - able to boot Ubuntu by powering on again and using F12 to pick the hard - drive. + --- SRU --- + == Rational == + Some machines aren't detected as using SecureBoot at installation time, however require SecureBoot post-installation. The easiest way to deal with this is to install shim-signed, grub-efi-amd64-signed and linux-image-signed on every UEFI machine. + + == Test case == + 1) Install the 64bit version of Ubuntu on a UEFI machine with SecureBoot disabled + 2) Check that linux-image-signed-*, grub-efi-amd64-signed and shim-signed are installed post-install + 3) Check that sudo efibootmgr -v reports the Ubuntu entry as booting shimx64.efi + + == Regression potential == + This will significantly widen the range of machines that will boot through the shim so it's not impossible that a shim bug could prevent some of them from booting. + However I don't think this is a huge issue as the livecd itself already boots through shim, so if they managed to install Ubuntu in the first place, it should still work once that change lands. + + --- original bug report --- + I've struggled to install Linux on a Packard Bell EasyNote LV11HC, without having to accept the Windows 8 license, and my progress is documented in http://www.linlap.com/packard_bell_easynote_lv . Had to pull the hard drive and install to a USB stick to be able to get into the firmware menu and enable the F12 boot menu. After finally being able to install Ubuntu 13.04 on the hard drive, the UEFI firmware refused to boot the hard drive, claiming it was against the security policy. I was able to boot Ubuntu by powering on again and using F12 to pick the hard drive. No idea what is wrong, but can help with debugging the next few days before I switch to legacy BIOS and put it into production. ProblemType: Bug DistroRelease: Ubuntu 13.04 Package: shim 0~20120906.bcd0a4e8-0ubuntu4 ProcVersionSignature: Ubuntu 3.8.0-22.33-generic 3.8.11 Uname: Linux 3.8.0-22-generic x86_64 ApportVersion: 2.9.2-0ubuntu8 Architecture: amd64 Date: Sun May 26 11:14:38 2013 Dependencies: - + InstallationDate: Installed on 2013-05-26 (0 days ago) InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424) MarkForUpload: True SourcePackage: shim UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package ubiquity - 2.15.11 --- ubiquity (2.15.11) saucy; urgency=low * Automatic update of included source packages: base-installer 1.122ubuntu16, partman-newworld 30. (LP: #1184297) -- Stephane GraberFri, 19 Jul 2013 13:00:57 -0400 ** Changed in: ubiquity (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Changed in: base-installer (Ubuntu Precise) Status: Triaged => In Progress ** Changed in: grub2 (Ubuntu Precise) Status: Triaged => In Progress ** Changed in: grub-installer (Ubuntu Precise) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
So it looks like we also need a change to base-installer if we want the signed kernel to be installed (absolutely necessary until shim is fixed to work with unsigned kernels on Lenovo machines). ** Also affects: base-installer (Ubuntu) Importance: Undecided Status: New ** Changed in: ubiquity (Ubuntu) Status: Fix Released => Triaged ** Changed in: base-installer (Ubuntu) Importance: Undecided => High ** Changed in: base-installer (Ubuntu) Status: New => Triaged ** Changed in: base-installer (Ubuntu) Assignee: (unassigned) => Stéphane Graber (stgraber) ** Changed in: base-installer (Ubuntu Precise) Importance: Undecided => High ** Changed in: base-installer (Ubuntu Precise) Status: New => Triaged ** Changed in: base-installer (Ubuntu Precise) Milestone: None => ubuntu-12.04.3 ** Changed in: base-installer (Ubuntu Precise) Assignee: (unassigned) => Stéphane Graber (stgraber) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package ubiquity - 2.15.10 --- ubiquity (2.15.10) saucy; urgency=low [ Kaj Ailomaa ] * Change Ubuntu Studio background in ubiquity-dm. [ Jeremy Bicha ] * Don't tell automake to install everything to ubiquity-frontend-gtk and try to clean up after * Reorganize app icon handling - Fixes missing app icon in GNOME Shell (LP: #1164573) - Use improved icon from Humanity as fallback icon * Update *.install files for above changes * Fix minor lintian warning by not installing empty /usr/share/applications/ [ Aurélien Gâteau ] * KDE: Set icon theme to Oxygen, shows icons on standalone Ubiquity [ Dan Chapman ] * Add initial autopilot support! UI testing, brave new world! [ Stéphane Graber ] * Install the shim and signed grub and kernels by default on all UEFI machines instead of relying on the SecureBoot nvram variable. (LP: #1184297) * Automatic update of included source packages: bterm-unifont 1.3, grub-installer 1.78ubuntu8, partconf 1.42, partman-basicmethods 54, partman-jfs 40, partman-reiserfs 55, partman-xfs 52. * Fix mix tabs/spaces in test_ubiquity_custom.py. * Fix autopkgtests not passing pyflakes. -- Stephane GraberThu, 18 Jul 2013 18:10:17 -0400 ** Changed in: ubiquity (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Branch linked: lp:~xnox/ubiquity/autopilot -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Changed in: ubiquity (Ubuntu) Status: Triaged => In Progress ** Changed in: grub2-signed (Ubuntu Precise) Milestone: None => ubuntu-12.04.3 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package grub2-signed - 1.15 --- grub2-signed (1.15) saucy; urgency=low * Rebuild against grub-efi-amd64 2.00-15ubuntu2. (LP: #1184297) -- Stephane GraberThu, 18 Jul 2013 16:18:49 -0400 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package grub2 - 2.00-15ubuntu2 --- grub2 (2.00-15ubuntu2) saucy; urgency=low * Add ubuntu_shim_by_default.patch that makes any EFI system boot into the shim (if installed) even if SecureBoot is disabled. (LP: #1184297) -- Stephane GraberThu, 18 Jul 2013 15:40:25 -0400 ** Changed in: grub2 (Ubuntu) Status: In Progress => Fix Released ** Changed in: grub2-signed (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Branch linked: lp:ubuntu/saucy-proposed/grub2-signed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Also affects: grub2-signed (Ubuntu) Importance: Undecided Status: New ** Changed in: grub2-signed (Ubuntu) Status: New => Triaged ** Changed in: grub2-signed (Ubuntu) Importance: Undecided => High ** Changed in: grub2-signed (Ubuntu) Assignee: (unassigned) => Stéphane Graber (stgraber) ** Changed in: grub2-signed (Ubuntu Precise) Status: New => Triaged ** Changed in: grub2-signed (Ubuntu Precise) Importance: Undecided => High ** Changed in: grub2-signed (Ubuntu Precise) Assignee: (unassigned) => Stéphane Graber (stgraber) ** Changed in: grub2-signed (Ubuntu) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Branch linked: lp:ubuntu/grub-installer -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
This bug was fixed in the package grub-installer - 1.78ubuntu8 --- grub-installer (1.78ubuntu8) saucy; urgency=low * Always use grub-efi-amd64-signed on 64bit UEFI systems instead of relying on SecureBoot detection. (LP: #1184297) -- Stephane GraberThu, 18 Jul 2013 15:41:07 -0400 ** Branch linked: lp:ubuntu/saucy-proposed/grub2 ** Changed in: grub-installer (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Changed in: grub-installer (Ubuntu) Status: Triaged => In Progress ** Changed in: grub2 (Ubuntu) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Also affects: grub2 (Ubuntu) Importance: Undecided Status: New ** Also affects: ubiquity (Ubuntu) Importance: Undecided Status: New ** Changed in: ubiquity (Ubuntu) Status: New => Triaged ** Changed in: ubiquity (Ubuntu Precise) Status: New => Triaged ** Changed in: grub2 (Ubuntu) Status: New => Triaged ** Changed in: grub2 (Ubuntu Precise) Status: New => Triaged ** Changed in: grub2 (Ubuntu) Importance: Undecided => High ** Changed in: grub2 (Ubuntu Precise) Importance: Undecided => High ** Changed in: ubiquity (Ubuntu) Importance: Undecided => High ** Changed in: ubiquity (Ubuntu Precise) Importance: Undecided => High ** Changed in: ubiquity (Ubuntu Precise) Assignee: (unassigned) => Stéphane Graber (stgraber) ** Changed in: grub2 (Ubuntu Precise) Assignee: (unassigned) => Stéphane Graber (stgraber) ** Changed in: grub2 (Ubuntu) Assignee: (unassigned) => Stéphane Graber (stgraber) ** Changed in: ubiquity (Ubuntu Precise) Milestone: None => ubuntu-12.04.3 ** Changed in: grub2 (Ubuntu Precise) Milestone: None => ubuntu-12.04.3 ** Changed in: ubiquity (Ubuntu) Assignee: (unassigned) => Stéphane Graber (stgraber) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
So after some discussion we just had with Colin and Steve, the conclusion is that we'll change grub2 and the installer to always install shim-signed on UEFI machines and have all machines secureboot or not go through the shim at boot time. That way we won't need to rely on the state of the machine at grub installation time to know which binary to use. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
** Changed in: grub-installer (Ubuntu Precise) Assignee: (unassigned) => Stéphane Graber (stgraber) ** Changed in: grub-installer (Ubuntu) Assignee: (unassigned) => Stéphane Graber (stgraber) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
Is there anything I can do to help debug this issue? I left the installer to do its job automatically, and thus do not know what I could have done differently. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
I've reviewed the KEK and db from this system, and they appear to contain the necessary third-party marketplace key as expected. So the only issue I see is that the system has not been configured to use shim- signed on installation. ** Also affects: grub-installer (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: grub-installer (Ubuntu Precise) Status: New => Triaged ** Changed in: grub-installer (Ubuntu) Status: Confirmed => Triaged ** Changed in: grub-installer (Ubuntu Precise) Importance: Undecided => High ** Changed in: grub-installer (Ubuntu Precise) Milestone: None => ubuntu-12.04.3 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: grub-installer (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
Bug #1195950 appears to be the same issue on different hardware. There definitely seems to be an issue with installs winding up without shim- signed installed when they need to have it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
FYI, the contents of the SecureBoot efi variables show that SecureBoot is not enabled on this system at the time this was run. And the efibootmgr output shows that grub is being booted directly, not going through shim-signed, which would not be valid if SecureBoot is enabled. So it looks like this is a problem with shim+grub not being configured correctly on installation. ** Package changed: shim (Ubuntu) => grub-installer (Ubuntu) ** Changed in: grub-installer (Ubuntu) Importance: Undecided => High ** Changed in: grub-installer (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
[Steve Langasek]
> So http://mjg59.dreamwidth.org/24869.html explains why you needed to
> pull the hard drive.
Yeah. This really suck!
> It does not explain why you would get an error about security
> policy. Can you attach the output of the following three commands
> on the affected machine:
>
> sudo efibootmgr -v
> od -tx1
> /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
> od -tx1
> /sys/firmware/efi/efivars/SecureBootEnforce-59d1c24f-50f1-401a-b101-f33e0daed443
>
>
> It is also potentially useful to have the contents of these files attached:
> /sys/firmware/efi/efivars/KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c
> /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
Sure.
root@mariwan-EasyNote-LV11HC:~# efibootmgr -v
BootCurrent:
Timeout: 2 seconds
BootOrder:
Boot* HDD1:
HD(1,800,5f000,da6c4276-2f04-4eab-a3e2-4c2be0e3aa63)File(\EFI\ubuntu\grubx64.efi)RC
Boot0001* Atheros Boot Agent
BIOS(80,0,95){..
Boot0004* MATSHITA DVD-RAM UJ8E1
BIOS(3,500,da)-...A..#...
Boot0005* ST500LT012-9WS142
BIOS(2,500,1f)-...A..2...
root@mariwan-EasyNote-LV11HC:~# od -tx1
/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
000 17 00 00 00 00
005
root@mariwan-EasyNote-LV11HC:~# od -tx1
/sys/firmware/efi/efivars/SecureBootEnforce-59d1c24f-50f1-401a-b101-f33e0daed443
000 17 00 00 00 00
005
root@mariwan-EasyNote-LV11HC:~#
--
Happy hacking
Petter Reinholdtsen
** Attachment added: "KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
https://bugs.launchpad.net/bugs/1184297/+attachment/3689540/+files/KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c
** Attachment added: "db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"
https://bugs.launchpad.net/bugs/1184297/+attachment/3689541/+files/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1184297
Title:
Secure boot failed, claiming boot is against security policy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1184297/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
So http://mjg59.dreamwidth.org/24869.html explains why you needed to pull the hard drive. It does not explain why you would get an error about security policy. Can you attach the output of the following three commands on the affected machine: sudo efibootmgr -v od -tx1 /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c od -tx1 /sys/firmware/efi/efivars/SecureBootEnforce-59d1c24f-50f1-401a-b101-f33e0daed443 It is also potentially useful to have the contents of these files attached: /sys/firmware/efi/efivars/KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f ** Changed in: shim (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184297] Re: Secure boot failed, claiming boot is against security policy
After booting using F12, the machine suddenly started booting directly from HD without any manual intervention needed. I did install scim in the mean time, but given that scim-signed already was installed, I doubt it had any effect on this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184297 Title: Secure boot failed, claiming boot is against security policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1184297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
