shim-signed does not boot on Lenovo Yoga C630 WOS

Bug #1849863 reported by RussianNeuroMancer
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
shim (Ubuntu)
New
Undecided
Unassigned

Bug Description

Hello!

In my attempt to workaround Bug 1839317 I tried to install shim-signed and enable Secure Boot. Unfortunately, shim-signed binary does not boot for some reason (screen stay black). I want to notice that if I try to boot just with grub-efi-arm64-signed without shim binaries on esp (partition was cleaned up, then grub reinstalled) I getting firmware errors regarding invalid signature. So I guess when firmware validate shim-signed signature it is valid, but then when firmware trying to start shim-signed it get started but for some reason silently fail.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

What if you set SHIM_VERBOSE in firmware, using 'sudo mokutil --set-verbosity true' after booting with just grub?

There should be debug messages showing up on screen to tell what is going on in shim in this case, and having those will help in debugging the issue.

Changed in shim (Ubuntu):
status: New → Incomplete
Revision history for this message
RussianNeuroMancer (russianneuromancer) wrote :

> What if you set SHIM_VERBOSE in firmware, using 'sudo mokutil --set-verbosity true' after booting with just grub?

This command fail with "This system doesn't support Secure Boot". On a side note I found that attempt to boot with installed shim-signed fail with both of Secure Boot enabled and disabled.

Also I guess I need to mention that Snapdragon-based laptops currently boot only with "efi=novamap": Bug 1814982

Does it make sense to patch mokutil.c to ignore Secure Boot state (line 2413) or it expected to fail somewhere else due to issue described in Bug 1814982?

Changed in shim (Ubuntu):
status: Incomplete → New
summary: - shim-signed does not boot on Lenovo Yoga C630 WOS with enabled Secure
- Boot
+ shim-signed does not boot on Lenovo Yoga C630 WOS
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.