I've tried this and the problem persists. Note that MAAS *IS* installing the signed kernel, which is necessary but insufficient for a fix; the problem seems to be that Shim/GRUB is becoming confused by the handoff from the PXE-boot version of GRUB to the GRUB stored on the hard disk. If my analysis is correct, this will require either:
* Changes to Shim/GRUB so that it works in this configuration. This used to be the case, but the Shim/GRUB configuration has been tightening security, which introduced this bug as a side effect. * A change in the way MAAS/curtin configures the PXE-booted GRUB so that it boots the system directly, without chainloading to GRUB on the hard disk. Note that this approach to a solution used to be used on ARM64 EFI systems, but that created a (now-fixed) bug #1582070. Thus, if this approach is used, care will have to be taken to not cause a regression on that bug. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1711203 Title: Deployments fail when Secure Boot enabled To manage notifications about this bug go to: https://bugs.launchpad.net/curtin/+bug/1711203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs