arm64: shim crashes in SecureBoot mode w/ some firmware
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
shim (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
shim-signed (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
On some firmware, attempting SecureBoot on arm64 will result in a crash. This is reproducible with a build of latest upstream EDK2 for the ArmVirtQemu target, but not with the older version we have packaged (edk2 0~20181115.
Even though we can boot in SecureBoot mode successfully with the old firmware, I've found that doing so results in a corrupted firmware image, making subsequent boots fail. It maybe that the memory access that leads to the Synchronous Exception on newer firmware is a write to the firmware region that is causing the corruption, and therefore the same underlying root cause.
Note that I can also reproduce this with latest upstream GRUB. I looked for possible fixes for this in shim upstream, in case it is a problem with how shim invokes GRUB - or an issue with the Protocols shim registers. The only change I see that might be relevant that we don't already have is "6df7a8f Fix for "Section 0 has negative size" error when loading fbaa64.efi", but I could still reproduce after applying that.
summary: |
- arm64: GRUB crashes in SecureBoot mode w/ some firmware + arm64: shim crashes in SecureBoot mode w/ some firmware |
Changed in shim (Ubuntu): | |
status: | New → In Progress |
Changed in gnu-efi (Ubuntu): | |
status: | Confirmed → Invalid |
Changed in shim (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in shim-signed (Ubuntu): | |
status: | Confirmed → Fix Committed |
no longer affects: | gnu-efi (Ubuntu) |
no longer affects: | grub2-signed (Ubuntu) |
Changed in shim-signed (Ubuntu): | |
status: | Fix Committed → Fix Released |
Doesn't look like a grub bug anymore. We can set back to New if necessary.