Steve, Well, I have attempted to replicate and I can state that this specific problem is not present in Ubuntu 20.04 LTS (I downloaded ubuntu-20.04-live-server-amd64.iso on July 1, 2020). Do note that, at least for me, while the kdump capture kernel/initrd load successfully, an attempt to capture dump (ie echo c > /proc/sysrq-trigger), results in the system hanging. I suspect the root cause is the following, which I previously reported: https://bugs.launchpad.net/ubuntu/+source/kexec-tools/+bug/1908090 Bug #1908090 “ubuntu 20.04 kdump fails” : Bugs : kexec-tools package : Ubuntu<https://bugs.launchpad.net/ubuntu/+source/kexec-tools/+bug/1908090> When linux-crashdump (5.4.0.58.61) is enabled on Ubuntu 20.04 LTS, everything appears to be in good working order, according to "systemctl status kdump-tools" and "kdump-config status". However, upon an actual crash, the system hangs, and no crash files are produced. I've investigated and have learned that the capture kernel does indeed start, but it is unable to unpack the rootfs/initrd, and thus fails and hangs. [ 1.070469] Trying to unpack rootfs image as initramfs... [ 1.333182] sw... bugs.launchpad.net Thanks, eric
________________________________ From: boun...@canonical.com <boun...@canonical.com> on behalf of Benedikt <1840...@bugs.launchpad.net> Sent: Tuesday, February 23, 2021 4:57 PM To: Eric Devolder <eric.devol...@oracle.com> Subject: [Bug 1840941] Re: kdump fails to start with secure boot enabled This seems still to be a problem? Any news on this bug? -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/1840941 Title: kdump fails to start with secure boot enabled Status in shim-signed package in Ubuntu: Fix Committed Bug description: The shim shipped in Ubuntu suffers from a bug that does not allow propagating its keys into the Linux keyring. Thus at kexec_file_load time, the signature validation fails. This is explained in these bugs/links: https://github.com/rhboot/shim/pull/153 https://bugzilla.redhat.com/show_bug.cgi?id=1662929 This problem is in Ubuntu 16.04 as well as 18.04. There is a workaround; essentially by loading an additional cert into the MOK, the bug goes away. lsb_release -rd Description: Ubuntu 18.04.3 LTS Release: 18.04 apt-cache policy shim-signed shim-signed: Installed: 1.37~18.04.3+15+1533136590.3beb971-0ubuntu1 Candidate: 1.37~18.04.3+15+1533136590.3beb971-0ubuntu1 Version table: *** 1.37~18.04.3+15+1533136590.3beb971-0ubuntu1 500 500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages 100 /var/lib/dpkg/status 1.34.9+13-0ubuntu2 500 500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages Expected to happen: Canonical keys to be listed in the Linux keyring is enabled. systemctl start kdump-tools.service is expected to succeeed What happened instead: Canonical keys not in the Linux keyring, thus kdump fails to load/start. systemctl start kdump-tools.service systemctl status kdump-tools.service Aug 21 15:43:53 vm362 systemd[1]: Starting Kernel crash dump capture service... Aug 21 15:43:53 vm362 kdump-tools[980]: Starting kdump-tools: * Creating symlin Aug 21 15:43:53 vm362 kdump-tools[980]: * Creating symlink /var/lib/kdump/initr Aug 21 15:43:54 vm362 kdump-tools[980]: kexec_file_load failed: Required key not Aug 21 15:43:54 vm362 kdump-tools[980]: * failed to load kdump kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1840941/+subscriptions -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840941 Title: kdump fails to start with secure boot enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1840941/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
