Steve,
Well, I have attempted to replicate and I can state that this specific problem is not present in Ubuntu 20.04 LTS (I downloaded ubuntu-20.04-live-server-amd64.iso on July 1, 2020).
Do note that, at least for me, while the kdump capture kernel/initrd load successfully, an attempt to capture dump (ie echo c > /proc/sysrq-trigger), results in the system hanging. I suspect the root cause is the following, which I previously reported: https://bugs.launchpad.net/ubuntu/+source/kexec-tools/+bug/1908090 Bug #1908090 “ubuntu 20.04 kdump fails” : Bugs : kexec-tools package : Ubuntu<https://bugs.launchpad.net/ubuntu/+source/kexec-tools/+bug/1908090>
When linux-crashdump (5.4.0.58.61) is enabled on Ubuntu 20.04 LTS, everything appears to be in good working order, according to "systemctl status kdump-tools" and "kdump-config status". However, upon an actual crash, the system hangs, and no crash files are produced. I've investigated and have learned that the capture kernel does indeed start, but it is unable to unpack the rootfs/initrd, and thus fails and hangs. [ 1.070469] Trying to unpack rootfs image as initramfs... [ 1.333182] sw...
bugs.launchpad.net
Thanks,
eric
________________________________
From: <email address hidden> <email address hidden> on behalf of Benedikt <email address hidden>
Sent: Tuesday, February 23, 2021 4:57 PM
To: Eric Devolder <email address hidden>
Subject: [Bug 1840941] Re: kdump fails to start with secure boot enabled
This seems still to be a problem? Any news on this bug?
Title:
kdump fails to start with secure boot enabled
Status in shim-signed package in Ubuntu:
Fix Committed
Bug description:
The shim shipped in Ubuntu suffers from a bug that does not allow propagating its
keys into the Linux keyring. Thus at kexec_file_load time, the signature
validation fails.
Steve, 20.04-live- server- amd64.iso on July 1, 2020). trigger) , results in the system hanging. I suspect the root cause is the following, which I previously reported: /bugs.launchpad .net/ubuntu/ +source/ kexec-tools/ +bug/1908090 /bugs.launchpad .net/ubuntu/ +source/ kexec-tools/ +bug/1908090>
Well, I have attempted to replicate and I can state that this specific problem is not present in Ubuntu 20.04 LTS (I downloaded ubuntu-
Do note that, at least for me, while the kdump capture kernel/initrd load successfully, an attempt to capture dump (ie echo c > /proc/sysrq-
https:/
Bug #1908090 “ubuntu 20.04 kdump fails” : Bugs : kexec-tools package : Ubuntu<https:/
When linux-crashdump (5.4.0.58.61) is enabled on Ubuntu 20.04 LTS, everything appears to be in good working order, according to "systemctl status kdump-tools" and "kdump-config status". However, upon an actual crash, the system hangs, and no crash files are produced. I've investigated and have learned that the capture kernel does indeed start, but it is unable to unpack the rootfs/initrd, and thus fails and hangs. [ 1.070469] Trying to unpack rootfs image as initramfs... [ 1.333182] sw...
bugs.launchpad.net
Thanks,
eric
_______ _______ _______ _______ ____
From: <email address hidden> <email address hidden> on behalf of Benedikt <email address hidden>
Sent: Tuesday, February 23, 2021 4:57 PM
To: Eric Devolder <email address hidden>
Subject: [Bug 1840941] Re: kdump fails to start with secure boot enabled
This seems still to be a problem? Any news on this bug?
-- /bugs.launchpad .net/bugs/ 1840941
You received this bug notification because you are subscribed to the bug
report.
https:/
Title:
kdump fails to start with secure boot enabled
Status in shim-signed package in Ubuntu:
Fix Committed
Bug description:
The shim shipped in Ubuntu suffers from a bug that does not allow propagating its
keys into the Linux keyring. Thus at kexec_file_load time, the signature
validation fails.
This is explained in these bugs/links: /github. com/rhboot/ shim/pull/ 153 /bugzilla. redhat. com/show_ bug.cgi? id=1662929
https:/
https:/
This problem is in Ubuntu 16.04 as well as 18.04.
There is a workaround; essentially by loading an additional cert into the
MOK, the bug goes away.
lsb_release -rd
Description: Ubuntu 18.04.3 LTS
Release: 18.04
apt-cache policy shim-signed 04.3+15+ 1533136590. 3beb971- 0ubuntu1 04.3+15+ 1533136590. 3beb971- 0ubuntu1 04.3+15+ 1533136590. 3beb971- 0ubuntu1 500 archive. ubuntu. com/ubuntu bionic-updates/main amd64 Packages dpkg/status
1.34.9+ 13-0ubuntu2 500 archive. ubuntu. com/ubuntu bionic/main amd64 Packages
shim-signed:
Installed: 1.37~18.
Candidate: 1.37~18.
Version table:
*** 1.37~18.
500 http://
100 /var/lib/
500 http://
Expected to happen:
Canonical keys to be listed in the Linux keyring is enabled.
systemctl start kdump-tools.service is expected to succeeed
What happened instead: kdump/initr
Canonical keys not in the Linux keyring, thus kdump fails to load/start.
systemctl start kdump-tools.service
systemctl status kdump-tools.service
Aug 21 15:43:53 vm362 systemd[1]: Starting Kernel crash dump capture service...
Aug 21 15:43:53 vm362 kdump-tools[980]: Starting kdump-tools: * Creating symlin
Aug 21 15:43:53 vm362 kdump-tools[980]: * Creating symlink /var/lib/
Aug 21 15:43:54 vm362 kdump-tools[980]: kexec_file_load failed: Required key not
Aug 21 15:43:54 vm362 kdump-tools[980]: * failed to load kdump kernel
To manage notifications about this bug go to: /bugs.launchpad .net/ubuntu/ +source/ shim-signed/ +bug/1840941/ +subscriptions
https:/