Ubuntu
dkms package

Bug #1775672
Comment #7

Comment 7 for bug 1775672

Revision history for this message

Marco van Zwetselaar (zwets) wrote on 2018-07-20:

The problem is that the DKMS hook in virtualbox-dkms starts a whiptail dialog explaining that a new signing key will be enrolled in the MOK database, but this dialog does not get displayed, which is why the system appears to hang.

Below is the output of 'pstree' showing the stack of commands and the whiptail content.

Secondary issue (with DKMS): I have a signing key in the MOK database already (like commenter #4), with which I have always used signed the vbox drivers, so I do not want to enrol a _new_ signing key. So even if I would see the dialog, it does not present the appropriate option.

I have tried this with aptitude, apt, dpkg --configure, both inside and outside of a 'screen' session (to make sure I was on a plain console), but the dialog does not show up in any of these cases.

This is the pstree output:

└─aptitude,5796
   ├─sh,11827 -c DPKG_NO_TSTP=1 dpkg --configure -a
   └─dpkg,11828 --configure -a
       └─virtualbox-dkms,11829 /var/lib/dpkg/info/virtualbox-dkms.postinst configure 5.2.10-dfsg-6ubuntu18.04.1
          └─common.postinst,11830 /usr/lib/dkms/common.postinst virtualbox 5.2.10 /usr/share/virtualbox-dkms 5.2.10-dfsg-6ubuntu18.04.1
             └─dkms,12103 /usr/sbin/dkms build -m virtualbox -v 5.2.10 -k 4.15.0-24-generic
                └─dkms,12120 /usr/sbin/dkms build -m virtualbox -v 5.2.10 -k 4.15.0-24-generic
                   └─frontend,15868 -w /usr/share/debconf/frontend /usr/sbin/update-secureboot-policy --enroll-key
                      ├─update-securebo,15882 /usr/sbin/update-secureboot-policy --enroll-key
                      └─whiptail,15897 --backtitle Package configuration --title Configuring Secure Boot --output-fd 12 --nocancel --msgbox Y our system has UEFI Secure Boot enabled.\012\012UEFI Secure Boot requires additional configuration to work with third-party drivers.\012\012The system will assist you in configuring UEFI Secure Boot. To permit the use of third-party drivers, a new Machine-Owner Key (MOK) has been generated. This key now needs to be enrolled in your system's \012firmware.\012\012To ensure that this change is being made by you as an authorized user, and not by an attacker, you must choose a password now and then confirm the change after reboot using the same password, in both the\012"Enroll MOK" and "Change Secure Boot state" menus that will be presented to you when this system reboots.\012\012If you proceed but do not confirm the password upon reboot, Ubuntu will still be able to boot on your system but any hardware that requires third-party drivers to work correctly may not be usable. 17 208

Below is the output of 'pstree' showing the stack of commands and the whiptail content.

I have tried this with aptitude, apt, dpkg --configure, both inside and outside of a 'screen' session (to make sure I was on a plain console), but the dialog does not show up in any of these cases.

This is the pstree output:

└─aptitude,5796
   ├─sh,11827 -c DPKG_NO_TSTP=1 dpkg --configure -a
   └─dpkg,11828 --configure -a
       └─virtualbox-dkms,11829 /var/lib/dpkg/info/virtualbox-dkms.postinst configure 5.2.10-dfsg-6ubuntu18.04.1
          └─common.postinst,11830 /usr/lib/dkms/common.postinst virtualbox 5.2.10 /usr/share/virtualbox-dkms  5.2.10-dfsg-6ubuntu18.04.1
             └─dkms,12103 /usr/sbin/dkms build -m virtualbox -v 5.2.10 -k 4.15.0-24-generic
                └─dkms,12120 /usr/sbin/dkms build -m virtualbox -v 5.2.10 -k 4.15.0-24-generic
                   └─frontend,15868 -w /usr/share/debconf/frontend /usr/sbin/update-secureboot-policy --enroll-key
                      ├─update-securebo,15882 /usr/sbin/update-secureboot-policy --enroll-key
                      └─whiptail,15897 --backtitle Package configuration --title Configuring Secure Boot --output-fd 12 --nocancel --msgbox Y our system has UEFI Secure Boot enabled.\012\012UEFI Secure Boot requires additional configuration to work with third-party drivers.\012\012The system will assist you in configuring UEFI Secure Boot. To permit the use of third-party drivers, a new Machine-Owner Key (MOK) has been generated. This key now needs to be enrolled in your system's \012firmware.\012\012To ensure that this change is being made by you as an authorized user, and not by an attacker, you must choose a password now and then confirm the change after reboot using the same password, in both the\012"Enroll MOK" and "Change Secure Boot state" menus that will be presented to you when this system reboots.\012\012If you proceed but do not confirm the password upon reboot, Ubuntu will still be able to boot on your system but any hardware that requires third-party drivers to work correctly may not be usable. 17 208

Ubuntudkms package

Comment 7 for bug 1775672

Ubuntu
dkms package