Ubuntu
grub2 package

package shim-signed 1.34.9.1+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 1

Bug #1780187 reported by Steven on 2018-07-05

This bug report is a duplicate of: Bug #1062623: enable grub-2.00 boot-from-luks support. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	grub2 (Ubuntu)	Incomplete	Undecided	Unassigned

Bug Description

Description: Ubuntu 18.04 LTS
Release: 18.04

shim-signed:
  Installed: 1.34.9.1+13-0ubuntu2
  Candidate: 1.34.9.1+13-0ubuntu2
  Version table:
*** 1.34.9.1+13-0ubuntu2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.34.9+13-0ubuntu2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

Should be upgrading without issues from software updater.

Failed to upgrade/install

ProblemType: Package
DistroRelease: Ubuntu 18.04
Package: shim-signed 1.34.9.1+13-0ubuntu2
ProcVersionSignature: Ubuntu 4.15.0-22.24-generic 4.15.17
Uname: Linux 4.15.0-22-generic x86_64
NonfreeKernelModules: kpatch_livepatch_Ubuntu_4_15_0_22_24_generic_40
.proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] No such file or directory: '/proc/sys/kernel/moksbstate_disabled'
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
Date: Thu Jul 5 08:25:52 2018
EFIBootMgr:
BootCurrent: 0001
Timeout: 2 seconds
BootOrder: 0001
Boot0000 Windows Boot Manager HD(1,GPT,c8503e71-253d-4a48-8fe2-6cfd307f2cef,0x800,0xfa000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...K................
Boot0001* ubuntu HD(1,GPT,70d47ac7-faca-4fcc-bfb3-f5583567d130,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)
EFITables:
juil. 03 08:49:52 tagstev kernel: efi: EFI v2.40 by American Megatrends
juil. 03 08:49:52 tagstev kernel: efi: ACPI=0x97995000 ACPI 2.0=0x97995000 SMBIOS=0xf0000 ESRT=0x9a268598
juil. 03 08:49:52 tagstev kernel: secureboot: Secure boot could not be determined (mode 0)
juil. 03 08:49:52 tagstev kernel: esrt: Reserving ESRT space from 0x000000009a268598 to 0x000000009a2685d0.
ErrorMessage: installed shim-signed package post-installation script subprocess returned error exit status 1
InstallationDate: Installed on 2018-06-06 (28 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
Python3Details: /usr/bin/python3.6, Python 3.6.5, python3-minimal, 3.6.5-3
PythonDetails: /usr/bin/python2.7, Python 2.7.15rc1, python-minimal, 2.7.15~rc1-1
RelatedPackageVersions:
dpkg 1.19.0.5ubuntu2
apt 1.6.1
SecureBoot: 6 0 0 0 0
SourcePackage: shim-signed
Title: package shim-signed 1.34.9.1+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 1
UpgradeStatus: No upgrade log present (probably fresh install)

See original description

Tags:

Revision history for this message

Steven (svanpoeck) wrote on 2018-07-05:

AptOrdering.txt Edit (1.2 KiB, text/plain; charset="utf-8")
BootEFIContents.txt Edit (69 bytes, text/plain; charset="utf-8")
Dependencies.txt Edit (1.9 KiB, text/plain; charset="utf-8")
Df.txt Edit (3.6 KiB, text/plain; charset="utf-8")
Dmesg.txt Edit (166.3 KiB, text/plain; charset="utf-8")
DpkgHistoryLog.txt Edit (3.6 KiB, text/plain; charset="utf-8")
DpkgTerminalLog.txt Edit (7.5 KiB, text/plain; charset="utf-8")
DuplicateSignature.txt Edit (795 bytes, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (1.2 KiB, text/plain; charset="utf-8")

description:

updated

Apport retracing service (apport) on 2018-07-05

tags:

removed: need-duplicate-check

Revision history for this message

Steve Langasek (vorlon) wrote on 2018-07-05:

The error in your log is:

grub-install: error: attempt to install to encrypted disk without cryptodisk enabled. Set `GRUB_ENABLE_CRYPTODISK=y' in file `/etc/default/grub'.
dpkg: error processing package shim-signed (--configure):
installed shim-signed package post-installation script subprocess returned error exit status 1

Your attached df output confirms that you have a separate ESP mounted at /boot/efi, but that your root is on a (presumably encrypted) LVM volume, and you do not have a separate unencrypted /boot partition. The question is, how did you only run into this error on upgrade? The SecureBoot-signed EFI grub has never included cryptodisk support, which means it would only ever boot if you had an unencrypted /boot since it would be unable to read the kernel from the encrypted volume. I see that your system has SecureBoot disabled, so that would not directly block you from booting, however the error message in grub is also not new so I don't understand how you got your system into such a state that you are getting the error message on upgrade.

affects:	shim-signed (Ubuntu) → grub2 (Ubuntu)
Changed in grub2 (Ubuntu):
status:	New → Incomplete

Revision history for this message

Steven (svanpoeck) wrote on 2018-07-09: Re: [Bug 1780187] Re: package shim-signed 1.34.9.1+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 1

Hi Steve,

Thanks for your answer.

I don't know how my system got to this state, I'm just a user.

I simply installed Ubuntu 18.04 as a new system (no dual boot) on my
laptop computer and then copied relevant parts of my data back onto my
/home and /etc partition.

I do recall I had an issue because at one point I replaced /etc/fstab
with the one from my old installation so the system did not boot any longer.

I followed instructions I found somewhere (it might be
https://askubuntu.com/questions/83172/repairing-the-fstab, but I'm not
sure) to rebuild it, so maybe that's where things got out of hand...

Let me know if you need any further information.

Best regards,

Steven

On 05/07/2018 17:58, Steve Langasek wrote:
> The error in your log is:
>
> grub-install: error: attempt to install to encrypted disk without cryptodisk enabled. Set `GRUB_ENABLE_CRYPTODISK=y' in file `/etc/default/grub'.
> dpkg: error processing package shim-signed (--configure):
> installed shim-signed package post-installation script subprocess returned error exit status 1
>
> Your attached df output confirms that you have a separate ESP mounted at
> /boot/efi, but that your root is on a (presumably encrypted) LVM volume,
> and you do not have a separate unencrypted /boot partition. The
> question is, how did you only run into this error on upgrade? The
> SecureBoot-signed EFI grub has never included cryptodisk support, which
> means it would only ever boot if you had an unencrypted /boot since it
> would be unable to read the kernel from the encrypted volume. I see
> that your system has SecureBoot disabled, so that would not directly
> block you from booting, however the error message in grub is also not
> new so I don't understand how you got your system into such a state that
> you are getting the error message on upgrade.
>
> ** Package changed: shim-signed (Ubuntu) => grub2 (Ubuntu)
>
> ** Changed in: grub2 (Ubuntu)
> Status: New => Incomplete
>