Third-party drivers are silently left unsigned when installing Ubuntu Desktop on a system with Secure Boot, Broadcom WiFi

Bug #2008120 reported by Aaron Rainbolt
This bug affects 1 person
Affects               Status     Importance  Assigned to  Milestone
shim-signed (Ubuntu)  New        Undecided   Unassigned
  Jammy               New        Undecided   Unassigned
ubiquity (Ubuntu)     Confirmed  Undecided   Unassigned
  Jammy               New        High        Unassigned

Bug Description

Hardware: HP Elitebook 8570p, 120 GB SSD, 16 GB RAM, Intel Core i5-3210m, UEFI, Secure Boot enabled. Using the Ubuntu 22.04.2 release candidate.

Steps to reproduce:
1. Flash the Ubuntu Desktop 22.04.2 ISO to a USB drive using balenaEtcher. (I flashed mine to an SD card using an SD card slot in a different laptop, then put the SD card in a card reader and booted this laptop from it, but that shouldn't make any difference.)
2. Using the new USB drive, boot a laptop with UEFI, Secure Boot enabled, and Broadcom WiFi.
3. When the welcome screen appears, click "Install Ubuntu".
4. When given the option, enable third-party drivers and enter a password for configuring Secure Boot.
5. When presented with the 'Installation type' screen, choose to erase the entire disk and install Ubuntu, then enable LVM+encryption.
6. Proceed with the rest of the installation as normal.
7. When installation is finished, reboot. You will see the MOK enrollment screen.
8. Enroll the MOK using the same password you entered during the installation process.
9. Reboot again.

Expected result: When the Ubuntu desktop appears, WiFi should be fully functional.

Actual result: WiFi is disabled when the Ubuntu desktop appears, and cannot be enabled.

Notes:

Attempting to manually load the Broadcom WiFi driver via "sudo modprobe wl" resulted in the error "modprobe: ERROR: could not insert 'wl': Key was rejected by service".

I was able to get WiFi working after installation by running "sudo dpkg-reconfigure bcmwl-kernel-source". This prompted me to enroll a MOK *a second time*. I used the same password for the second enrollment. I rebooted the system after using dpkg-reconfigure and I was indeed presented with the MOKManager screen. After enrolling this second MOK, I rebooted and WiFi worked as expected.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubiquity (not installed)
ProcVersionSignature: Ubuntu 5.19.0-32.33~22.04.1-generic 5.19.17
Uname: Linux 5.19.0-32-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Wed Feb 22 12:13:32 2023
InstallCmdLine: BOOT_IMAGE=/casper/vmlinuz file=/cdrom/preseed/ubuntu.seed maybe-ubiquity quiet splash ---
InstallationDate: Installed on 2023-02-22 (0 days ago)
InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230217.1)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ubiquity
UpgradeStatus: No upgrade log present (probably fresh install)

Aaron Rainbolt (arraybolt3) wrote :
description: updated
Aaron Rainbolt (arraybolt3) wrote :

This bug is not a regression - it also affects 22.04.1.

Brian Murray (brian-murray) wrote :

I was able to recreate this in qemu using a BCM4352 adapter with an Ubuntu 22.04.2 desktop image with serial 20230217.1.

Changed in ubiquity (Ubuntu):
status: New → Confirmed
Brian Murray (brian-murray) wrote :

I see the following in the installation log:

Feb 22 17:56:01 ubuntu ubiquity: Running module version sanity check.#015
Feb 22 17:56:01 ubuntu ubiquity: - Original module#015
Feb 22 17:56:01 ubuntu ubiquity: - No original module exists within this kernel#015
Feb 22 17:56:01 ubuntu ubiquity: - Installation#015
Feb 22 17:56:01 ubuntu ubiquity: - Installing to /lib/modules/5.19.0-32-generic/updates/dkms/#015
Feb 22 17:56:01 ubuntu ubiquity: #015
Feb 22 17:56:01 ubuntu ubiquity: depmod...
Feb 22 17:56:04 ubuntu ubiquity: .
Feb 22 17:56:05 ubuntu ubiquity: #015
Feb 22 17:56:05 ubuntu ubiquity: modprobe: ERROR: could not insert 'wl': Key was rejected by service#015
Feb 22 17:56:05 ubuntu kernel: [ 1469.924554] Loading of module with unavailable key is rejected
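
A triage check for logs like the one quoted above, added here as an example and not part of the original bug report or of ubiquity: it extracts the modules that modprobe could not insert because their signing key was rejected, then inspects each one on the installed system. The function names are made up for illustration, and the MOK path is an assumption (Ubuntu's default DKMS signing key location, which the report does not mention).

```shell
#!/bin/sh
# Sample lines copied from the installation log quoted in the comment above.
SAMPLE_LOG="Feb 22 17:56:01 ubuntu ubiquity: - Installing to /lib/modules/5.19.0-32-generic/updates/dkms/#015
Feb 22 17:56:05 ubuntu ubiquity: modprobe: ERROR: could not insert 'wl': Key was rejected by service#015
Feb 22 17:56:05 ubuntu kernel: [ 1469.924554] Loading of module with unavailable key is rejected"

# rejected_modules: read a log on stdin and print, once each, every module
# that modprobe failed to insert with "Key was rejected by service".
# The trailing "#015" (escaped carriage return) in ubiquity's lines is tolerated.
rejected_modules() {
    sed -n "s/.*could not insert '\([^']*\)': Key was rejected by service.*/\1/p" | sort -u
}

# kernel_rejections: count the kernel-side messages that confirm the refusal
# was a signature-key problem rather than some other modprobe failure.
kernel_rejections() {
    grep -c 'Loading of module with unavailable key is rejected' || true
}

# check_module MODULE: on the installed system, show the Secure Boot state,
# who signed the module (empty means unsigned), and whether the local
# machine owner key is enrolled in firmware.
check_module() {
    mokutil --sb-state
    signer=$(modinfo -F signer "$1" 2>/dev/null)
    echo "signer of $1: ${signer:-<none, module is unsigned>}"
    # Assumption: Ubuntu's default DKMS signing key location.
    mokutil --test-key /var/lib/shim-signed/mok/MOK.der
}

# With a log file as the first argument, inspect every rejected module.
if [ "$#" -gt 0 ]; then
    rejected_modules < "$1" | while read -r mod; do
        check_module "$mod"
    done
fi
```

Run it with the path of an installer log as its only argument; with no argument it only defines the functions.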

Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
https://iso.qa.ubuntu.com/qatracker/reports/bugs/2008120

tags: added: iso-testing
summary: Third-party drivers are silently left unsigned when installing Ubuntu
- Desktop on a system with Secure Boot, Broadcom WiFi, and LVM+encryption
+ Desktop on a system with Secure Boot, Broadcom WiFi
Brian Murray (brian-murray) wrote :

I was unable to recreate this today with an Ubuntu Desktop image with serial 22030223 but I was also installing with NVidia hardware which might have helped with the MOK enrollment.

Brian Murray (brian-murray) wrote :

I also tried with an Ubuntu Desktop image with serial 22030223 without NVidia hardware and with networking disabled during the installation and I was not able to recreate this way either.

Changed in ubiquity (Ubuntu Jammy):
importance: Undecided → High