[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
This bug was fixed in the package shim-signed - 1.37~18.04.10 --- shim-signed (1.37~18.04.10) bionic; urgency=medium * Remove unnecessary efitools dependency that prevented build on arm64 shim-signed (1.37~18.04.9) bionic; urgency=medium * New upstream release 15.4. LP: #1921134 * Synchronize packaging with 1.50, summary - Update packaging to pull fb and mm from shim-signed package as in later releases, dropping the runtime dependency on shim. - Add download-signed script from linux-signed package - Include reworked Makefile from devel to better assert the integrity of the executables. - Dual-signed shim - Set XB-Important: yes on shim-signed package so that it cannot be removed by accident (LP: #1898729) - download-signed: Fetch signed artefacts from versioned URL instead of current/ symlink to work around caching (LP: #1936640) * Update to shim 15.4-0ubuntu5: - Stop addending vendor dbx to MokListXRT during MokListX mirroring. This is causing systems to run out of EFI storage space, or just hang up when trying to write it (LP: #1924605) (LP: #1928434) - Further relax the check for variable mirroring on non-secureboot systems avoiding boot failures on out of space conditons (pull request #372) - Don't unhook ExitBootServices() when EBS protection is disabled (LP: #1931136) (pull request #378) * Update to shim 15.4-0ubuntu7: - Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379) - Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383) - Fix accidental deletion of RT variables (LP: #1934506) (PR #387) - mok: relax the maximum variable size check (LP: #1934780) (PR #369) -- Julian Andres Klode Mon, 19 Jul 2021 17:01:19 +0200 ** Changed in: shim-signed (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
This bug was fixed in the package shim-signed - 1.33.1~16.04.10 --- shim-signed (1.33.1~16.04.10) xenial; urgency=medium * Update to shim 15.4-0ubuntu7: - Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379) - Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383) - Fix accidental deletion of RT variables (LP: #1934506) (PR #387) - mok: relax the maximum variable size check (LP: #1934780) (PR #369) shim-signed (1.33.1~16.04.9) xenial; urgency=medium * Do not build a dual-signed shim (fixing regression from ~16.04.7), and disable verifying fbx64.efi and mmx64.efi certificates as xenial's sbverify is unable to (impish works fine) * Clean up debhelper log file accidentally imported into git during 16.04.7 import. shim-signed (1.33.1~16.04.8) xenial; urgency=medium * debian/*.postinst: Unconditionally call grub-install with --force-extra-removable, so that the \EFI\BOOT removable path as used in cloud images receives the updates. LP: #1930742. * Update to shim 15.4-0ubuntu5: - Stop addending vendor dbx to MokListXRT during MokListX mirroring. This is causing systems to run out of EFI storage space, or just hang up when trying to write it (LP: #1924605) (LP: #1928434) - Further relax the check for variable mirroring on non-secureboot systems avoiding boot failures on out of space conditons (pull request #372) - Don't unhook ExitBootServices() when EBS protection is disabled (LP: #1931136) (pull request #378) shim-signed (1.33.1~16.04.7) xenial; urgency=medium * New upstream release 15.4. LP: #1921134 * Update packaging to pull fb and mm from shim-signed package as in later releases, dropping the runtime dependency on shim. * Add download-signed script from linux-signed package * Add a versioned dependency on the mokutil that introduces --timeout, and call mokutil --timeout -1 so that users don't end up with broken systems by missing MokManager on reboot after install. LP: #1856422. * Add versioned dependencies on grub-efi-amd64-signed and grub2-common, to ensure we have SBAT-compatible grub.efi and grub 2.04-compatible grub-install present when we are installing new shim to the ESP. * Include reworked Makefile from devel to better assert the integrity of the executables. -- Julian Andres Klode Fri, 16 Jul 2021 13:04:57 +0200 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
This bug was fixed in the package shim - 15.4-0ubuntu7 --- shim (15.4-0ubuntu7) hirsute; urgency=medium * Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379) * Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383) * Fix accidental deletion of RT variables (LP: #1934506) (PR #387) * mok: relax the maximum variable size check (LP: #1934780) (PR #369) -- Julian Andres Klode Wed, 07 Jul 2021 10:57:35 +0200 ** Changed in: shim (Ubuntu Xenial) Status: Fix Committed => Fix Released ** Changed in: shim-signed (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
This bug was fixed in the package shim-signed - 1.40.6 --- shim-signed (1.40.6) focal; urgency=medium * Update to shim 15.4-0ubuntu7: - Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379) - Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383) - Fix accidental deletion of RT variables (LP: #1934506) (PR #387) - mok: relax the maximum variable size check (LP: #1934780) (PR #369) * download-signed: Fetch signed artefacts from versioned URL instead of current/ symlink to work around caching (LP: #1936640) shim-signed (1.40.5) focal; urgency=medium * New upstream release 15.4. LP: #1921134 * Synchronize packaging with 1.48, summary - Update packaging to pull fb and mm from shim-signed package as in later releases, dropping the runtime dependency on shim. - Add download-signed script from linux-signed package - Include reworked Makefile from devel to better assert the integrity of the executables. - Dual-signed shim - Set XB-Important: yes and Protected: yes on shim-signed package so that it cannot be removed by accident (LP: #1898729) * Update to shim 15.4-0ubuntu5: - Stop addending vendor dbx to MokListXRT during MokListX mirroring. This is causing systems to run out of EFI storage space, or just hang up when trying to write it (LP: #1924605) (LP: #1928434) - Further relax the check for variable mirroring on non-secureboot systems avoiding boot failures on out of space conditons (pull request #372) - Don't unhook ExitBootServices() when EBS protection is disabled (LP: #1931136) (pull request #378) -- Julian Andres Klode Fri, 16 Jul 2021 13:33:00 +0200 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
This bug was fixed in the package shim - 15.4-0ubuntu7 --- shim (15.4-0ubuntu7) hirsute; urgency=medium * Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379) * Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383) * Fix accidental deletion of RT variables (LP: #1934506) (PR #387) * mok: relax the maximum variable size check (LP: #1934780) (PR #369) -- Julian Andres Klode Wed, 07 Jul 2021 10:57:35 +0200 ** Changed in: shim (Ubuntu Focal) Status: Fix Committed => Fix Released ** Changed in: shim-signed (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Tags removed: block-proposed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
We verified them once, no need or ability to reverify those binaries across all releases on macs. ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hello Kris, or anyone else affected, Accepted shim-signed into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim- signed/1.33.1~16.04.10 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-xenial. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Tags removed: verification-done-xenial ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hello Kris, or anyone else affected, Accepted shim-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim- signed/1.37~18.04.9 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: shim-signed (Ubuntu Bionic) Status: New => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
This bug was fixed in the package shim - 15.4-0ubuntu5 --- shim (15.4-0ubuntu5) hirsute; urgency=medium * Rebuild in hirsute to get a more stable target to keep shim reproducible for a longer time. shim (15.4-0ubuntu3) impish; urgency=medium [ Steve Langasek ] * Use -Zxz compression, for compatibility with dpkg in older releases. LP: #1925673 [ Julian Andres Klode ] * Stop addending vendor dbx to MokListXRT during MokListX mirroring. This is causing systems to run out of EFI storage space, or just hang up when trying to write it (LP: #1924605) (LP: #1928434) * Further relax the check for variable mirroring on non-secureboot systems avoiding boot failures on out of space conditons (pull request #372) [ Seth Forshee ] * Don't unhook ExitBootServices() when EBS protection is disabled (LP: #1931136) (pull request #378) -- Julian Andres Klode Wed, 16 Jun 2021 12:52:45 +0200 ** Changed in: shim (Ubuntu Hirsute) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
This bug was fixed in the package shim-signed - 1.48 --- shim-signed (1.48) impish; urgency=medium [ Dimitri John Ledkov ] * Ship externally signed shims in the source package, instead of detached signatures. [ Steve Langasek ] * Restore build-time 'cmp' check to assert that the output of sbattach matches the binary received from Microsoft. * Include external-$arch.p7c in the clean target. [ Julian Andres Klode ] * download-signed: Work around non-HTTP apt sources * Update to shim 15.4-0ubuntu5: - Stop addending vendor dbx to MokListXRT during MokListX mirroring. This is causing systems to run out of EFI storage space, or just hang up when trying to write it (LP: #1924605) (LP: #1928434) - Further relax the check for variable mirroring on non-secureboot systems avoiding boot failures on out of space conditons (pull request #372) - Don't unhook ExitBootServices() when EBS protection is disabled (LP: #1931136) (pull request #378) -- Julian Andres Klode Tue, 22 Jun 2021 12:19:31 +0200 ** Changed in: shim-signed (Ubuntu Hirsute) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Remarking xenial as done, got overridden by late shim-signed acceptance. ** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hello Kris, or anyone else affected, Accepted shim-signed into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.40.5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: shim-signed (Ubuntu Focal) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hello Kris, or anyone else affected, Accepted shim into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim/15.4-0ubuntu5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: shim (Ubuntu Focal) Status: New => Fix Committed ** Tags added: verification-needed-focal ** Tags added: block-proposed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hello Kris, or anyone else affected, Accepted shim-signed into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim- signed/1.33.1~16.04.9 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-xenial. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Tags removed: verification-done-xenial ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
The binaries are the same across all releases, and we got confirmation before pushing the SRU out that they fix the issue, so marking as verified. ** Tags removed: verification-needed-hirsute verification-needed-xenial ** Tags added: verification-doen-hirsute verification-done-xenial ** Tags removed: verification-doen-hirsute ** Tags added: verification-done-hirsute -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hello Kris, or anyone else affected, Accepted shim-signed into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim- signed/1.33.1~16.04.8 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-xenial. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: shim-signed (Ubuntu Xenial) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hello Kris, or anyone else affected, Accepted shim into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim/15.4-0ubuntu5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-xenial. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: shim (Ubuntu Xenial) Status: New => Fix Committed ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hello Kris, or anyone else affected, Accepted shim into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim/15.4-0ubuntu5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: shim (Ubuntu Hirsute) Status: New => Fix Committed ** Tags added: verification-needed verification-needed-hirsute ** Changed in: shim (Ubuntu Hirsute) Importance: Undecided => Critical ** Changed in: shim-signed (Ubuntu Hirsute) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
This bug was fixed in the package shim-signed - 1.48 --- shim-signed (1.48) impish; urgency=medium [ Dimitri John Ledkov ] * Ship externally signed shims in the source package, instead of detached signatures. [ Steve Langasek ] * Restore build-time 'cmp' check to assert that the output of sbattach matches the binary received from Microsoft. * Include external-$arch.p7c in the clean target. [ Julian Andres Klode ] * download-signed: Work around non-HTTP apt sources * Update to shim 15.4-0ubuntu5: - Stop addending vendor dbx to MokListXRT during MokListX mirroring. This is causing systems to run out of EFI storage space, or just hang up when trying to write it (LP: #1924605) (LP: #1928434) - Further relax the check for variable mirroring on non-secureboot systems avoiding boot failures on out of space conditons (pull request #372) - Don't unhook ExitBootServices() when EBS protection is disabled (LP: #1931136) (pull request #378) -- Julian Andres Klode Tue, 22 Jun 2021 12:19:31 +0200 ** Changed in: shim-signed (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Description changed: + [Impact] + Booting MacBook is broken + + [Test plan] + We don't have a test plan per se to verify this bug, but the shim fix has been tested. Hard to verify those bugs :( + + [Where problems could occur] + We disable mirroring of vendor dbx into MokListXRT EFI variable, so mokutil is not able to read the vendor dbx anymore. Other things might not be able to do so either; we don't believe we've been using it so far, though. + + [Original bug report] Hi, I have a MacBookPro14,3. After upgrade to Ubuntu 21.04 it failed to boot. At first I thought I'm affected by https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1925010. But my MacBook has newer efi Version and the fixed version of shim- signed is not solving my issues. >sudo dmesg | grep EFI [0.00] efi: EFI v2.40 by Apple [0.011978] ACPI: UEFI 0x7AF7D000 42 (v01 INTEL EDK2 0002 0113) [0.012029] ACPI: Reserving UEFI table memory at [mem 0x7af7d000-0x7af7d041] [0.411423] fb0: EFI VGA frame buffer device [0.418914] EFI Variables Facility v0.08 2004-May-17 [2.696996] fb0: switching to amdgpudrmfb from EFI VGA I reinstalled Ubuntu 21.04 from scratch and updated all packages during installation. The reboot failed. I hear the apple start sound and then an endless repeating echo. I've chrooted inside my system and verified that shim-signed 1.47+15.4-0ubuntu2 is installed. The suggested workaround from the other bug works (I can normally boot afterwards): /boot/efi/EFI# cp -b ubuntu/grubx64.efi ubuntu/shimx64.efi /boot/efi/EFI# cp -b ubuntu/grubx64.efi BOOT/BOOTX64.EFI "sudo apt reinstall shim-signed" reliable breaks my macbook again. Is there anything I can do to help solving this issue? What do you need? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Tags removed: block-proposed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Tags added: block-proposed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
This bug was fixed in the package shim - 15.4-0ubuntu5 --- shim (15.4-0ubuntu5) hirsute; urgency=medium * Rebuild in hirsute to get a more stable target to keep shim reproducible for a longer time. shim (15.4-0ubuntu3) impish; urgency=medium [ Steve Langasek ] * Use -Zxz compression, for compatibility with dpkg in older releases. LP: #1925673 [ Julian Andres Klode ] * Stop addending vendor dbx to MokListXRT during MokListX mirroring. This is causing systems to run out of EFI storage space, or just hang up when trying to write it (LP: #1924605) (LP: #1928434) * Further relax the check for variable mirroring on non-secureboot systems avoiding boot failures on out of space conditons (pull request #372) [ Seth Forshee ] * Don't unhook ExitBootServices() when EBS protection is disabled (LP: #1931136) (pull request #378) -- Julian Andres Klode Wed, 16 Jun 2021 12:52:45 +0200 ** Changed in: shim (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Please note that this bug is about the shim itself. Disabling upgrades is tracked in bug 1929449 which was obviously fixed, causing the regression of sorts and that regression is tracked in bug 1931112. The update for that regression is in the process of being released. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
I have Ubuntu MATE 20.10 running on my Raspberry Pi 4 and I can't upgrade because of this bug as well. I went to the file "DistUpgradeQuirks.py" (as mentioned above) and I can't see any "apple" string there to change and force the upgrade. I'm just stuck. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
> What went wrong is that the code check was also applied to non-UEFI systems. So, will the "Fix Committed" stop preventing upgrades on non-UEFI Raspberry Pi? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Doug, I'm not sure how you get confused, or why you spam the bug tracker with ASCII art like this. This = "vendor is apple OR can't read vendor" - the statement which caused the issue and which you blamed Python for for unknown reasons - was intentional, as I said. We explicitly discussed that and said that if the vendor is not readable, we should not upgrade either - it might be Apple after all. What went wrong is that the code check was also applied to non-UEFI systems. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
> This is by design, we should not upgrade Apple systems just because their dmi is broken. Wait, what? Can you not see the differences between "This", "we should not upgrade Apple systems just because their dmi is broken" and "Seems we forgot to check that we are booting on UEFI in the first place"? I am lost :( ___██ _███_██░░█ █░░░█░█ ___█░░░███░░░█░█ ___████░░░███░█░░░░█ __█░░░█████░████ _█░████ █░██░░░█ █░█░░░░░██░░██░░█ ___██░░░███░░████ __█░░█░░█ _█░░█_____█___█ _█░░█__█_███__█_███_█___█ ██____██_██ ░█░░░░░░█ █░██ ███░░██ ░░██░░░███ ██░░█░█ ░░░█ ░░░█ ░░░█ ░░░█░░██ ░░████▒▒█ ░█▒▒███▒█ ░█▒█ ░░▒▒█ ░░██ ░░░█ ██░░░██ ▓████ ▓▓▓████ ▓▓███░░░██ ▓███▓▓█ ▓▓▓██ █ ▓█ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Changed in: shim (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Please don't blame Python. This is by design, we should not upgrade Apple systems just because their dmi is broken. Seems we forgot to check that we are booting on UEFI in the first place, though, but oh well, still a step up from nobody upgrading to most x86 'PC's upgrading. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
oh sweet jesus python strikes again let's make programming fun and accessible they said logic and reason is so yesterday they said -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
That's because _test_and_fail_on_apple in DistUpgradeQuirks.py (see line 377) in the upgrader itself, is set to fail if vendor.startswith('Apple Inc.') OR if vendor is unknown i.e. /sys/class/dmi/id/sys_vendor is null (for example as it will be in WSL or just about any other system where DMI isn't implemented). Put a return after that and you should be able to force it (on your own risk). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
> However, a change has been made to ubuntu-release-upgrader that lets us > block upgrades only for Apple hardware, and upgrades have been turned on for > 20.10 to 21.04. So I'm not sure why you say that it "currently prevents" > it. What I meant by "[this bug] currently prevents do-release-upgrade to 21.04 from 20.10" is: If, as I write this, on a (non-Apple) ppc64el platform running 20.10, one attempts to use "do-release-upgrade" to upgrade to 21.04, the upgrade will not proceed, and instead this message will appear: > An upgrade is not possible at this time > > Due to a bug in shim, LP: #1928434, upgrades are not currently safe > for your hardware. > > Once that bug has been resolved you will be able to upgrade to the > next release of Ubuntu. > > > Restoring original system state > > Aborting Does that answer your question? In case it helps: 1) the "shim" package is _not_ installed on this system (which I guess isn't surprising, given that it doesn't use any of EFI, UEFI, grub etc. to boot...) 2) I believe I have the latest version of ubuntu-release-upgrader, my system reports: # ubuntu-release-upgrader-core is already the newest version (1:20.10.12) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
the change to ubuntu-release-upgrader seems to prevent me upgrading an old raspberry pi, so its not just apple An upgrade is not possible at this time Due to a bug in shim, LP: #1928434, upgrades are not currently safe for your hardware. Once that bug has been resolved you will be able to upgrade to the next release of Ubuntu. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
On Fri, Jun 04, 2021 at 03:11:59AM -, Doug McDonald wrote: > Does this bug affect ppc64le? It currently prevents do-release-upgrade > to 21.04 from 20.10. This bug does not affect ppc64el, but there is no interface for turning on upgrades on a per-architecture basis. However, a change has been made to ubuntu-release-upgrader that lets us block upgrades only for Apple hardware, and upgrades have been turned on for 20.10 to 21.04. So I'm not sure why you say that it "currently prevents" it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Does this bug affect ppc64le? It currently prevents do-release-upgrade to 21.04 from 20.10. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Thanks so much for the quick turnaround! We'll make sure this gets submitted to Microsoft for signing ASAP so we can get the fix into 21.04 for all users. ** Changed in: shim-signed (Ubuntu) Status: Incomplete => In Progress ** Changed in: shim (Ubuntu) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hi Steve, Hi Julian, I didn't realize how seriously this problem was taken and I was quite busy last week. Sorry for the delay. I just tested it and it worked. Only thing which might be worth to mention: I still have the logging enabled. And the blue screen with warning "secure boot not enabled" popped up twice. Not sure if this makes sense. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Kris, we would appreciate if you could run the above test as requested by Julian and let us know if it boots on your system. We take boot regressions seriously and have put upgrades to 21.04 on hold for all users while this bug remains unresolved, but it's important to be able to close this bug out so that we can turn those upgrades back on. Once we have confirmation of a fixed shim, this will also need to publish this to all stable releases, because Microsoft has already issued revocations of our older shims. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
(for clarification, I forgot to say that this is for testing purposes, trying to figure out if this resolves the issue) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hi there, could you replace BOOTX64.EFI and shimx64.efi in your ESP with the shimx64.efi in? http://ppa.launchpad.net/ubuntu-uefi- team/ppa/ubuntu/dists/impish/main/signed/shim- amd64/15.4-0ubuntu3~uefi2/signed.tar.gz This makes the shim only mirror the actual MokListX, and not add the giant vendor DB to it, which should hopefully resolve your issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
This is trying to mirror our insanely large MokListX to MokListXRT, which is so large due to COVID related travel restrictions preventing the generation of a new signing key, and having to revoke all binaries this way instead. However, we do not actually need to mirror that list AFAIUI, because the kernel, which would consume the list, does not actually support revoking binaries by hash (and it can kexec kernels, but not the grubs we worry about). On other platforms, this just causes a warning followed by a 10s wait. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
The log shows us that in mirror_mok_db() the call to get_max_var_sz() in mok.c:366 was successful, so it must hang before line 424 where dprint() is called. Given 19304 < 0x4FDC, I assume the path in 373 is being taken, and the call to SetVariable() inside there is hanging in the firmware (despite the variable being 1140 bytes shorter than the maximum allowed). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Attachment added: "2.jpeg" https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+attachment/5498532/+files/2.jpeg -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Attachment added: "1.jpeg" https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+attachment/5498531/+files/1.jpeg -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Attachment added: "0.jpeg" https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+attachment/5498530/+files/0.jpeg -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
Hi, thank you for the ppa. It was much easier this way. After reinstalling shim and 'sudo mokutil --set-verbosity true' I got a blue screen (secure boot not enabled > ok) and afterwards three pages of logs. I created a professional slow motion screen recording and extracted the pages. Not sure if it will help. ** Attachment added: "last page of logs" https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+attachment/5498529/+files/screenshot.jpeg -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
On Mon, May 17, 2021 at 03:23:45PM -, Dimitri John Ledkov wrote: > See > https://github.com/lcp/mokutil/commit/03bb7af4a84c39f2417fd14ef20b11b2e8d1ad51 > Is this something you can compile yourself, or do you need me to provide > you with an updated mokutil package? I have provided a mokutil package with the fix here: https://launchpad.net/~vorlon/+archive/ubuntu/ppa Please install it by running: sudo add-apt-repository ppa:vorlon/ppa sudo apt install mokutil and then 'sudo mokutil --set-verbosity true' should work. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
> I reinstalled Ubuntu 21.04 from scratch and updated all packages during installation. If you were able to boot the install image, then this might not be a bug in shim, as the shim on the install image should not work either. Also we only download upgrades during install, but do not apply them, so you should end up with 15.4-0ubuntu1. I'd like to see results for each of those versions of shim ( * hirsute 15.4-0ubuntu1 * hirsute-updates 15.4-0ubuntu2 * groovy-updates 15+1552672080.a4a1fbe-0ubuntu2 Note that you need to install shim-signed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
@kebkeb you can download that efivariable as a file into the efivars dir. Or you need to compile the new mokutil that supports setting that on non-secureboot systems too. See https://github.com/lcp/mokutil/commit/03bb7af4a84c39f2417fd14ef20b11b2e8d1ad51 Is this something you can compile yourself, or do you need me to provide you with an updated mokutil package? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
I tried "sudo mokutil --set-verbosity true" but >"This system doesn't support Secure Boot". ** Description changed: Hi, I have a MacBookPro14,3. After upgrade to Ubuntu 21.04 it failed to boot. At first I thought I'm affected by https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1925010. But my MacBook has newer efi Version and the fixed version of shim- signed is not solving my issues. - >sudo dmesg | grep EFI + >sudo dmesg | grep EFI [0.00] efi: EFI v2.40 by Apple [0.011978] ACPI: UEFI 0x7AF7D000 42 (v01 INTEL EDK2 0002 0113) [0.012029] ACPI: Reserving UEFI table memory at [mem 0x7af7d000-0x7af7d041] [0.411423] fb0: EFI VGA frame buffer device [0.418914] EFI Variables Facility v0.08 2004-May-17 [2.696996] fb0: switching to amdgpudrmfb from EFI VGA I reinstalled Ubuntu 21.04 from scratch and updated all packages during installation. The reboot failed. I hear the apple start sound and then an endless repeating echo. I've chrooted inside my system and verified that shim-signed 1.47+15.4-0ubuntu2 is installed. The suggested workaround from the other bug works (I can normally boot afterwards): /boot/efi/EFI# cp -b ubuntu/grubx64.efi ubuntu/shimx64.efi - /boot/efi/EFI# cp -b ubunt/grubx64.efi BOOT/BOOTX64.EFI + /boot/efi/EFI# cp -b ubuntu/grubx64.efi BOOT/BOOTX64.EFI "sudo apt reinstall shim-signed" reliable breaks my macbook again. - Is there anything I can do to help solving this issue? What do you need? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Tags added: fr-1373 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Changed in: shim-signed (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
For your current work around to persist, you should also do: $ sudo dpkg-divert /usr/lib/shim/shimx64.efi.signed $ sudo cp /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed /usr/lib/shim/shimx64.efi.signed This way whenever grub-install is called, _grub_ is used instead of shim. Unfortunately you have found a bug, which will be escalating to shim upstream. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
One thing you can try while booted up is to run 'mokutil --set-verbosity true' and then reboot, to see if you get any output on the screen from shim that would let us narrow down where things are failing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple
** Changed in: shim-signed (Ubuntu) Status: New => Triaged ** Changed in: shim-signed (Ubuntu) Importance: Undecided => Critical ** Changed in: shim (Ubuntu) Importance: Undecided => Critical ** Changed in: shim (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928434 Title: shim-signed does not boot on EFI 2.40 by Apple To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1928434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs