default should be to disable Secure Boot when installing third-party drivers

Bug #1606393 reported by Mathieu Trudel-Lapierre on 2016-07-25
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubiquity (Ubuntu)
High
Mathieu Trudel-Lapierre
Xenial
High
Unassigned

Bug Description

[Impact]
Users choosing to install third-party drivers for their system at installation time.

[Test case]
1) Start ubiquity install
2) On the prepare screen, pick "Install third-party drivers"

The install should automatically have the "Disable Secure Boot" checkbox checked.

[Regression Potential]
Doing this will block the installer while users enter a password to use to disable Secure Boot, or go uncheck the checkbox. Possible failure cases might be crashes due to errors in mokutil or in the kernel handling of efi variables which might have ubiquity crash. This happens early in the installer process, before any changes are made to the system.

---

The default behavior in ubiquity when installing third-party drivers should be to suggest disabling Secure Boot, as it may otherwise be missed due to confusion. Third-party drivers of the type installed in that option in ubiquity are typically dkms packages which will need Secure Boot disabled in shim to work correctly.

Changed in ubiquity (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Jeremy Bicha (jbicha) wrote :

I think this caused a regression. See bug 1612450 and bug 1612449.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubiquity - 16.10.10

---------------
ubiquity (16.10.10) yakkety; urgency=medium

  [ Mathieu Trudel-Lapierre ]
  * Automatic update of included source packages: flash-kernel
    3.0~rc.4ubuntu64, netcfg 1.138ubuntu2, partman-auto 134ubuntu3.
  * ubi-prepare.py: default to disabling Secure Boot when third party drivers
    are being installed, since it's most likely what people will want. This
    will also avoid people skipping through this important part of the
    installer without noticing, only to find their systems not all working
    correctly. (LP: #1606393)

  [ Jeremy Bicha ]
  * gtk/ubiquity.ui: Right align Skip button (LP: #1612455)

 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 09 Sep 2016 10:14:36 -0400

Changed in ubiquity (Ubuntu):
status: In Progress → Fix Released

Hello Mathieu, or anyone else affected,

Accepted ubiquity into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubiquity/2.21.63.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ubiquity (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed
Mathew Hodson (mhodson) on 2016-09-10
Changed in ubiquity (Ubuntu Xenial):
importance: Undecided → High

"Disable Secure Boot" option is now ticked by default in ubiquity. Completing the install requires the conscious step of unchecking the checkbox or entering a password to disable Secure Boot. Verification done.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubiquity - 2.21.63.3

---------------
ubiquity (2.21.63.3) xenial; urgency=medium

  * ubi-prepare.py: default to disabling Secure Boot when third party drivers
    are being installed, since it's most likely what people will want. This
    will also avoid people skipping through this important part of the
    installer without noticing, only to find their systems not all working
    correctly. (LP: #1606393)
  * d-i/sources.list: add xenial-updates to sources.list to pick up any SRUs
    of d-i components that are no longer in flight.
  * Automatic update of included source packages: apt-setup
    1:0.104ubuntu4.1, base-installer 1.158ubuntu2.1, netcfg
    1.135ubuntu4.1. (LP: #1590358)
  * bin/ubiquity-dm: wait for the DBus signals telling us that xsettings are
    ready before continuing with preparing ubiquity-dm; this avoids starting
    too quickly and incorrectly applying scale ratios for HiDPI screens.
    (LP: #1560162)

 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 02 Sep 2016 11:17:13 -0400

Changed in ubiquity (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for ubiquity has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers