Latest Azure optimised fips-updates kernel 4.15.0-2007-azure-fips leaves instance in unbootable state
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Committed
|
Undecided
|
Unassigned |
Bug Description
In Azure, updating an instance to the latest Azure optimised fips-updates kernel (4.15.0-
The serial console shows the following and reboots:
Checking kernel image: /boot/vmlinuz-
Kernel integrity check failed
Rebooting automatically due to panic= boot argument
This is with the instance type Standard D2s v3
Steps to reproduce (with the UA client in Ubuntu Pro):
-Launch an Ubuntu Pro 18.04 instance on AWS on a Standard D2s v3 instance
sudo add-apt-repository ppa:canonical-
sudo apt install ubuntu-
sudo ua disable livepatch
sudo ua enable fips-updates --beta
sudo apt install linux-azure-fips
KERNEL=$(awk -F"'" '/menuentry.
sudo tee /etc/default/
GRUB_DEFAULT=
GRUB_CMDLINE_
__EOF__
sudo update-grub
sudo reboot
-Look at serial console in Azure Portal
Attaching screenshot of error before kernel panic and auto reboot.
Here is the list of packages installed with the action:
base-files amd64 10.1ubuntu2.9
libpam0g amd64 1.1.8-3.
libpam-modules-bin amd64 1.1.8-3.
libpam-modules amd64 1.1.8-3.
libnss-systemd amd64 237-3ubuntu10.42
libsystemd0 amd64 237-3ubuntu10.42
libpam-systemd amd64 237-3ubuntu10.42
systemd amd64 237-3ubuntu10.42
udev amd64 237-3ubuntu10.42
libudev1 amd64 237-3ubuntu10.42
kmod amd64 24-1ubuntu3.5
libkmod2 amd64 24-1ubuntu3.5
libpam-runtime all 1.1.8-3.
systemd-sysv amd64 237-3ubuntu10.42
python-samba amd64 2:4.7.6+
samba-common-bin amd64 2:4.7.6+
samba-common all 2:4.7.6+
samba-libs amd64 2:4.7.6+
libwbclient0 amd64 2:4.7.6+
iproute2 amd64 4.15.0-2ubuntu1.2
libisc-export169 amd64 1:9.11.
libdns-export1100 amd64 1:9.11.
libirs160 amd64 1:9.11.
bind9-host amd64 1:9.11.
dnsutils amd64 1:9.11.
libbind9-160 amd64 1:9.11.
libisccfg160 amd64 1:9.11.
libisccc160 amd64 1:9.11.
libdns1100 amd64 1:9.11.
libisc169 amd64 1:9.11.
liblwres160 amd64 1:9.11.
libpcap0.8 amd64 1.8.1-6ubuntu1.
libx11-data all 2:1.6.4-3ubuntu0.3
libx11-6 amd64 2:1.6.4-3ubuntu0.3
grub-efi-amd64 amd64 2.02-2ubuntu8.18
grub2-common amd64 2.02-2ubuntu8.18
shim-signed amd64 1.37~18.
grub-efi-
grub-efi-amd64-bin amd64 2.02-2ubuntu8.18
grub-pc-bin amd64 2.02-2ubuntu8.18
grub-common amd64 2.02-2ubuntu8.18
libgssapi-krb5-2 amd64 1.16-2ubuntu0.
python3-
python3-apport all 2.20.9-0ubuntu7.17
apport all 2.20.9-0ubuntu7.17
bcache-tools amd64 1.0.8-2ubuntu0.
curl amd64 7.58.0-2ubuntu3.10
libcurl4 amd64 7.58.0-2ubuntu3.10
libcurl3-gnutls amd64 7.58.0-2ubuntu3.10
linux-modules-
linux-image-
libkrb5-3 amd64 1.16-2ubuntu0.
libkrb5support0 amd64 1.16-2ubuntu0.
libk5crypto3 amd64 1.16-2ubuntu0.
krb5-locales all 1.16-2ubuntu0.
linux-modules-
linux-modules-
linux-azure amd64 5.4.0.1023.7
linux-image-azure amd64 5.4.0.1023.7
linux-azure-
linux-image-
linux-headers-
linux-headers-azure amd64 5.4.0.1023.7
linux-tools-common all 4.15.0-115.116
linux-azure-
linux-azure-fips amd64 4.15.0.2007.7
linux-image-
linux-azure-
linux-tools-
linux-tools-azure amd64 5.4.0.1023.7
linux-cloud-
linux-azure-
linux-cloud-
linux-cloud-
software-
python3-
linux-headers-
linux-headers-
linux-azure-
linux-tools-
linux-tools-
linux-azure-
linux-cloud-
linux-cloud-
linux-image-
Changed in linux (Ubuntu): | |
status: | Confirmed → Fix Committed |
Status changed to 'Confirmed' because the bug affects multiple users.