Public bug reported: On my ASUS Transformer Mini T103HAF, it seems like the dbx in Ubuntu 24.04 is too big or something, it breaks TPM's PCR7 measurement. And since secureboot-db.service runs in a live CD, simply booting one will apply this dbx. This causes BitLocker in the existing Windows installation to fails to unlock & require recovery key.
Step to reproduce: 1. Boot into pre-installed Windows installation. Run "msinfo32.exe" as administrator, go to "System Summary", and verify that "PCR7 Configuration" is shown as "Bound". 2. Before proceed further, make sure that you have BitLocker recovery key available (or have it suspended). I have one backed up in Microsoft Account [1], or I think you can also open a terminal as administrator and run `manage-bde -protectors -get "C:"`. 3. Restart the machine into USB flashed with Ubuntu 24.04 live CD. You don't have to finish setting up language, keyboard layout etc.; you can restart the system as soon as a GUI appear. By that point, "secureboot-db.service" should have run. 4. Boot back to Windows. At this point, Windows will fail to boot asking for BitLocker recovery key. Input the key you have from step 2. After that, the system will reboot itself again. 5. Run "msinfo32.exe" as administrator again. Go to "System Summary", and notice that "PCR7 Configuration" is now shown as "Binding not possible". 6. Restart into the live USB again. This time, it won't boot, failing with: ``` Could not create MokListRT: Volume full Could not create MokListXRT: Volume full Could not create SbatlevelRT: Volume full Could not create MokListTrustedRT: Volume full Something has gone seriously wrong: import_mok_state() failed : Volume Full ``` And shortly after that, the machine turns off. [1]: https://account.microsoft.com/devices/recoverykey --- Now, to verify that dbx is indeed the source of the problem, I did the following: 1. Reboot the system to the UEFI settings, go to Security > Secure Boot > Key Management, select Forbidden Signature > Set new key > Yes (restore to factory). 2. Reboot to Windows again. It will probably ask for BitLocker recovery key again. But once booted, run "msinfo32.exe" as administrator, go to "System Summary". "PCR7 Configuration" is now shown as "Bound" again. 3. Reboot into live USB again. This time it will boot. For debugging purpose, go to terminal and run `sudo mokutil --set-verbosity true`. Reboot to live USB. 4. Shim will now prints verbose message. Because I can't screencapture the boot process, I can't really transcribe the whole log to text (and my photo is of low quality). However, there are repeating lines along the line of (by now I'm using another Shim binary from Fedora 39 boot USB): ``` mok.c:798:mirror_one_mok_variable() tpm_log_event(0x73207F18, 76, 14, "MokListX")->Volume Full Could not create MokListXRT: Volume Full mok.c:926:import_one_mok_state() returning Volume Full ``` Or: ``` mok.c:762:mirror_one_mok_variable() tpm_measure_variable("SbatLevel",46,0x73207F98)->Volume Full Could not create SbatLevelRT: Volume Full mok.c:926:import_one_mok_state() returning Volume Full ``` --- I think there might be 2 problems that has to both be solved: 1. The dbx update causes breakage to TPM measured boot on this particular firmware. 2. Shim considers failure in TPM measured boot to be fatal and refuses to boot at all (as oppose to Windows which will still at least boot even if it will have to ask for recovery key later on). --- Information about my tablet: Make & model: ASUS Transformer Mini T103HAF Firmware (BIOS) make & version: American Megatrends Inc. T103HAF.309, 22/4/2019 TPM manufacturer: INTC TPM manufacturer version: 2.0.5.3015 TPM specification version: 2.0 ** Affects: secureboot-db (Ubuntu) Importance: Undecided Status: New ** Affects: shim-signed (Ubuntu) Importance: Undecided Status: New ** Also affects: shim-signed (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061551 Title: Merely booting Ubuntu 24.04 beta live CD breaks BitLocker & booting anything using Shim To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/secureboot-db/+bug/2061551/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs