ubiquity removes linux-signed during installation cleanup preventing (some) secureboot machines from booting

Bug #1067659 reported by Stéphane Graber on 2012-10-17
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu CD Images
Critical
Colin Watson
livecd-rootfs (Ubuntu)
Critical
Colin Watson
Quantal
Critical
Colin Watson
ubiquity (Ubuntu)
Critical
Colin Watson
Quantal
Critical
Colin Watson
ubuntu-defaults-builder (Ubuntu)
High
Colin Watson
Quantal
High
Colin Watson

Bug Description

The desktop images properly contain both unsigned and signed kernels and boot from the signed one.
One would expect the installer to keep the signed image on secureboot systems and remove the unsigned one, however it's currently doing the opposite leading to non-bootable systems for those requiring the kernel to be signed.

Relevant logs (from IRC):
08:46 < stgraber> cjwatson: /var/lib/ubiquity/install-kernels: http://paste.ubuntu.com/1284614/
08:47 < stgraber> cjwatson: /var/log/syslog: http://paste.ubuntu.com/1284615/
08:47 < stgraber> cjwatson: check-kernel with -x: http://paste.ubuntu.com/1284619/
08:53 < stgraber> cjwatson: debug log: http://paste.ubuntu.com/1284628
09:04 < stgraber> cjwatson: http://paste.ubuntu.com/1284645

Changed in ubiquity (Ubuntu Quantal):
status: New → Triaged
importance: Undecided → Critical
milestone: none → ubuntu-12.10
Colin Watson (cjwatson) on 2012-10-17
Changed in ubiquity (Ubuntu Quantal):
assignee: nobody → Colin Watson (cjwatson)
status: Triaged → In Progress
description: updated
Colin Watson (cjwatson) on 2012-10-17
Changed in ubuntu-defaults-builder (Ubuntu Quantal):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
milestone: none → ubuntu-12.10
Changed in livecd-rootfs (Ubuntu Quantal):
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Colin Watson (cjwatson)
milestone: none → ubuntu-12.10
Changed in ubuntu-cdimage:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Colin Watson (cjwatson)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package livecd-rootfs - 2.93

---------------
livecd-rootfs (2.93) quantal; urgency=low

  * Revert binary/$INITFS/kernel-$FLAVOUR to the unsigned kernel, and link
    signed kernels to binary/$INITFS/kernel-$FLAVOUR.efi.signed instead
    (LP: #1067659).
 -- Colin Watson <email address hidden> Wed, 17 Oct 2012 11:48:47 +0100

Changed in livecd-rootfs (Ubuntu Quantal):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-defaults-builder - 0.44

---------------
ubuntu-defaults-builder (0.44) quantal; urgency=low

  * Revert binary/casper/vmlinuz to the unsigned kernel, and put the signed
    kernel in binary/casper/vmlinuz.efi.signed instead (LP: #1067659).
 -- Colin Watson <email address hidden> Wed, 17 Oct 2012 11:50:23 +0100

Changed in ubuntu-defaults-builder (Ubuntu Quantal):
status: In Progress → Fix Released
Colin Watson (cjwatson) wrote :

revno: 951
fixes bug: https://launchpad.net/bugs/1067659
committer: Colin Watson <email address hidden>
branch nick: cdimage
timestamp: Wed 2012-10-17 12:13:24 +0100
message:
  Download kernel-FLAVOUR.efi.signed for >= quantal/amd64.

revno: 1822
fixes bug: https://launchpad.net/bugs/1067659
committer: Colin Watson <email address hidden>
branch nick: debian-cd
timestamp: Wed 2012-10-17 12:15:06 +0100
message:
  Use $CDDIR/casper/filesystem.kernel-$FLAVOUR.efi.signed if available.

Changed in ubuntu-cdimage:
status: In Progress → Fix Released
Colin Watson (cjwatson) wrote :

Now in quantal-updates:

ubiquity (2.12.15) quantal-proposed; urgency=low

  * Make sure not to remove the signed kernel if we need it (LP: #1067659).
  * Copy the signed kernel from /cdrom/casper/vmlinuz.efi.signed.
    /cdrom/casper/vmlinuz needs to remain unsigned to avoid breaking
    checksums.

 -- Colin Watson <email address hidden> Wed, 17 Oct 2012 11:38:04 +0100

Changed in ubiquity (Ubuntu Quantal):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers