Comment 56 for bug 1711203

This brings a good point. What I didn’t test, which will do tomorrow, is
what happens if I kill Maas and let the same system boot from disk. I
wonder if it will boot.

On Thu, Feb 22, 2018 at 6:20 PM Jeff Lane <email address hidden>
wrote:

> > Is /efi/ubuntu/grubx64.efi on your EFI System Partition definitely the
> > Canonical-signed image from grub-efi-amd64-signed?
>
> I presume so? dpkg says it is:
>
> ubuntu@xwing:/boot/efi/EFI/ubuntu$ dpkg -S grubx64.efi
> grub-efi-amd64-signed: /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed
>
> That's the only thing that provides the file (that I can tell).
>
> > Which version of Ubuntu's grub are you booting via pxe?
>
> ubuntu@xwing:/boot/efi/EFI/ubuntu$ dpkg -l |grep grub|awk '{print $2":
> "$3}'
> grub-common: 2.02~beta2-36ubuntu3.16
> grub-efi-amd64: 2.02~beta2-36ubuntu3.16
> grub-efi-amd64-bin: 2.02~beta2-36ubuntu3.16
> grub-efi-amd64-signed: 1.66.16+2.02~beta2-36ubuntu3.16
> grub-pc: 2.02~beta2-36ubuntu3.16
> grub-pc-bin: 2.02~beta2-36ubuntu3.16
> grub2-common: 2.02~beta2-36ubuntu3.16
>
> That is what is installed on the node.
>
> > If you re-enable SecureBoot and configure this system to boot directly
> from
> > local disk instead of booting pxe first and chainloading, does it boot
> > successfully?
>
> So I re-enabled SecureBoot and removed all NICs from the boot order. I
> added in the HDD (since this is an EFI boot, the HDD is an entry called
> "Ubuntu" under "OTHER" in the boot order)
>
> This fails to boot, I get an error from the system:
>
> Error 1962: No operating system found. Boot sequence will automatically
> repeat.
>
> Because I have no NICs listed in the boot order, this just churns as it
> keeps retrying the HDD entry.
>
> So next, I went back and disabled SecureBoot once more. It immediately
> booted straight from the HDD.
>
> I also just tried a USB install with Secure Boot enabled. I was able to
> install bionic from USB, but it too fails to boot with the same error.
>
> To be fair at this point, given that this does work elsewhere, I'm
> suspicious that this is possibly an issue with my server.
>
> That said, I'd like to see this verified on that Cisco C240 system as an
> extra data point.
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1711203
>
> Title:
> Deployments fail when Secure Boot enabled
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/curtin/+bug/1711203/+subscriptions
>
> Launchpad-Notification-Type: bug
> Launchpad-Bug: product=curtin; status=Invalid; importance=Undecided;
> assignee=None;
> Launchpad-Bug: product=dellserver; status=New; importance=Undecided;
> assignee=None;
> Launchpad-Bug: product=maas; milestone=2.3.0; status=In Progress;
> importance=High; <email address hidden>;
> Launchpad-Bug: product=maas; productseries=2.3; milestone=2.3.1; status=In
> Progress; importance=High; <email address hidden>;
> Launchpad-Bug: product=maas-images; status=Fix Released;
> importance=Critical; <email address hidden>;
> Launchpad-Bug: distribution=ubuntu; sourcepackage=shim; component=main;
> status=In Progress; importance=High; <email address hidden>;
> Launchpad-Bug-Tags: blocks-hwcert-server id-5a28802797729aedf99dcd37
> Launchpad-Bug-Information-Type: Public
> Launchpad-Bug-Private: no
> Launchpad-Bug-Security-Vulnerability: no
> Launchpad-Bug-Commenters: andreserl bladernr cyphermox jwezel ltrager
> narindergupta raharper rodsmith vorlon
> Launchpad-Bug-Reporter: Rod Smith (rodsmith)
> Launchpad-Bug-Modifier: Jeff Lane (bladernr)
> Launchpad-Message-Rationale: Assignee
> Launchpad-Message-For: andreserl
>
--
Andres Rodriguez (RoAkSoAx)
Ubuntu Server Developer
MSc. Telecom & Networking
Systems Engineer