Software Updater hanging indefinitely waiting for secure boot key entry

Bug #1818350 reported by dualBootLaptop on 2019-03-02
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
update-manager (Ubuntu)
Undecided
Unassigned

Bug Description

A few hours ago I turned on my computer (it was completely shut down) and Software Updater immediately popped up. I gave it permission to install updates.

I edited some Google Docs in Chrome while Software Updater worked. I had no other programs open.

At some point a window called "Debconf" opened in the background. That window is grayed out and its icon on the left sidebar is a question mark. I assume it's related to the Software Updater problem...somehow.

I clicked "Details" in Software Updater to see what the holdup was.
I have copy-pasted out the output with Ctrl+Insert:

DKMS: uninstall completed.

------------------------------
Deleting module version: 4.3.36
completely from the DKMS tree.
------------------------------
Done.
Unpacking virtualbox-dkms (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.2) over (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1) ...
Preparing to unpack .../virtualbox_4.3.36-dfsg-1+deb8u1ubuntu1.14.04.2_amd64.deb ...
Unpacking virtualbox (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.2) over (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Processing triggers for desktop-file-utils (0.22-1ubuntu1.1) ...
Processing triggers for mime-support (3.54ubuntu1.1) ...
Processing triggers for gnome-menus (3.10.1-0ubuntu2) ...
Processing triggers for bamfdaemon (0.5.1+14.04.20140409-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for hicolor-icon-theme (0.13-1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Processing triggers for shared-mime-info (1.2-0ubuntu3) ...
Unknown media type in type 'all/all'
Unknown media type in type 'all/allfiles'
Unknown media type in type 'uri/mms'
Unknown media type in type 'uri/mmst'
Unknown media type in type 'uri/mmsu'
Unknown media type in type 'uri/pnm'
Unknown media type in type 'uri/rtspt'
Unknown media type in type 'uri/rtspu'
Setting up libapt-inst1.5:amd64 (1.0.1ubuntu2.20) ...
Setting up libsqlite3-0:amd64 (3.8.2-1ubuntu2.2) ...
Setting up sqlite3 (3.8.2-1ubuntu2.2) ...
Setting up mountall (2.53ubuntu1) ...
Setting up libkrb5support0:i386 (1.12+dfsg-2ubuntu5.4) ...
Setting up libkrb5support0:amd64 (1.12+dfsg-2ubuntu5.4) ...
Setting up libk5crypto3:i386 (1.12+dfsg-2ubuntu5.4) ...
Setting up libk5crypto3:amd64 (1.12+dfsg-2ubuntu5.4) ...
Setting up libkrb5-3:i386 (1.12+dfsg-2ubuntu5.4) ...
Setting up libkrb5-3:amd64 (1.12+dfsg-2ubuntu5.4) ...
Setting up libgssapi-krb5-2:i386 (1.12+dfsg-2ubuntu5.4) ...
Setting up libgssapi-krb5-2:amd64 (1.12+dfsg-2ubuntu5.4) ...
Setting up libcurl3-gnutls:amd64 (7.35.0-1ubuntu2.20) ...
Setting up libpolkit-gobject-1-0:amd64 (0.105-4ubuntu3.14.04.5) ...
Setting up libp11-kit-gnome-keyring:amd64 (3.10.1-1ubuntu4.4) ...
Setting up gnome-keyring (3.10.1-1ubuntu4.4) ...
Setting up ca-certificates (20170717~14.04.2) ...
Setting up libarchive13:amd64 (3.1.2-7ubuntu2.8) ...
Setting up libavahi-common-data:amd64 (0.6.31-4ubuntu1.3) ...
Setting up libavahi-common-data:i386 (0.6.31-4ubuntu1.3) ...
Setting up libavahi-common3:i386 (0.6.31-4ubuntu1.3) ...
Setting up libavahi-common3:amd64 (0.6.31-4ubuntu1.3) ...
Setting up libavahi-client3:amd64 (0.6.31-4ubuntu1.3) ...
Setting up libavahi-client3:i386 (0.6.31-4ubuntu1.3) ...
Setting up libavahi-core7:amd64 (0.6.31-4ubuntu1.3) ...
Setting up libavahi-glib1:amd64 (0.6.31-4ubuntu1.3) ...
Setting up libavahi-gobject0:amd64 (0.6.31-4ubuntu1.3) ...
Setting up libcaca0:amd64 (0.99.beta18-1ubuntu5.1) ...
Setting up libcurl3:amd64 (7.35.0-1ubuntu2.20) ...
Setting up curl (7.35.0-1ubuntu2.20) ...
Setting up libtiff5:i386 (4.0.3-7ubuntu0.10) ...
Setting up libtiff5:amd64 (4.0.3-7ubuntu0.10) ...
Setting up libgd3:amd64 (2.1.0-3ubuntu0.11) ...
Setting up libldb1:amd64 (1:1.1.24-0ubuntu0.14.04.2) ...
Setting up python-ldb (1:1.1.24-0ubuntu0.14.04.2) ...
Setting up libpam-gnome-keyring:amd64 (3.10.1-1ubuntu4.4) ...
Setting up libpolkit-agent-1-0:amd64 (0.105-4ubuntu3.14.04.5) ...
Setting up libpolkit-backend-1-0:amd64 (0.105-4ubuntu3.14.04.5) ...
Setting up libpoppler44:amd64 (0.24.5-2ubuntu4.16) ...
Setting up libpoppler-glib8:amd64 (0.24.5-2ubuntu4.16) ...
Setting up libpoppler-qt4-4:amd64 (0.24.5-2ubuntu4.16) ...
Setting up fonts-opensymbol (2:102.6+LibO4.2.8-0ubuntu5.5) ...
Setting up libreoffice-style-human (1:4.2.8-0ubuntu5.5) ...
Setting up uno-libs3 (4.2.8-0ubuntu5.5) ...
Setting up ure (4.2.8-0ubuntu5.5) ...
Setting up libreoffice-common (1:4.2.8-0ubuntu5.5) ...
Installing new version of config file /etc/bash_completion.d/libreoffice.sh ...
Setting up libspice-server1:amd64 (0.12.4-0nocelt2ubuntu1.8) ...
Setting up libvncserver0:amd64 (0.9.9+dfsg-1ubuntu1.4) ...
Setting up linux-image-3.13.0-165-generic (3.13.0-165.215) ...
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.13.0-165-generic /boot/vmlinuz-3.13.0-165-generic
run-parts: executing /etc/kernel/postinst.d/dkms 3.13.0-165-generic /boot/vmlinuz-3.13.0-165-generic
Generating a new Secure Boot signing key:
Generating a 2048 bit RSA private key
.....................................................+++
........................................................................................+++
writing new private key to '/var/lib/shim-signed/mok/MOK.priv'
-----

I have left off the bit at the end where I tried typing in my password --- I found some people on the Internet stuck on this message and they suggested a password, but it didn't do anything, even typing it in four times. I also tried hitting Escape five times, no result.

(https://devtalk.nvidia.com/default/topic/1036167/linux/stuck-trying-to-intall-nvidia-390-ubuntu-18-04-lts-/ is the Google result I found --- I now think that whatever is going on with them is something completely different, they were trying to install some nvidia thing. But they did say that interrupting "writing new private key to '/var/lib/shim-signed/mok/MOK.priv'" ruined *everything* and forced them to reinstall Ubuntu from scratch, so...I'm very reluctant to try just interrupting it and rebooting at this point.)

This obviously has something to do with Secure Boot, but otherwise I don't know what this is saying.

I checked debconf-show shim-signed, which says that secureboot is neither enabled nor disabled. I have no idea what that means.

$ sudo debconf-show shim-signed
[sudo] password for david:
  shim/error/secureboot_key_mismatch:
* shim/disable_secureboot: false
* shim/secureboot_explanation:
  shim/title/secureboot:
  shim/error/bad_secureboot_key:
  shim/enable_secureboot: false
  shim/secureboot_key_again:
  shim/secureboot_key:

I think I'm going to try disabling Secure Boot (it was supposed to be disabled already), but I want to get all the stuff attached to this report first in case trying to disable Secure Boot bricks my computer.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-164-generic 3.13.0-164.214
ProcVersionSignature: Ubuntu 3.13.0-164.214-generic 3.13.11-ckt39
Uname: Linux 3.13.0-164-generic x86_64
NonfreeKernelModules: vboxpci vboxnetadp vboxnetflt vboxdrv fglrx
ApportVersion: 2.14.1-0ubuntu3.29
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC1: david 3244 F.... pulseaudio
 /dev/snd/controlC0: david 3244 F.... pulseaudio
CurrentDesktop: Unity
Date: Sat Mar 2 11:30:23 2019
HibernationDevice: RESUME=UUID=907fdd35-197c-4341-9daa-c29636443fb6
InstallationDate: Installed on 2014-06-06 (1730 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
MachineType: Hewlett-Packard HP Pavilion 17 Notebook PC
ProcFB: 0 EFI VGA
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-164-generic.efi.signed root=UUID=1fe70a4d-bce2-4bc1-921f-d793500b9af8 ro quiet splash crashkernel=384M-:128M vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.13.0-164-generic N/A
 linux-backports-modules-3.13.0-164-generic N/A
 linux-firmware 1.127.24
RfKill:
 0: phy0: Wireless LAN
  Soft blocked: no
  Hard blocked: no
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 11/11/2014
dmi.bios.vendor: Insyde
dmi.bios.version: F.35
dmi.board.asset.tag: Base Board Asset Tag
dmi.board.name: 1984
dmi.board.vendor: Hewlett-Packard
dmi.board.version: 01.15
dmi.chassis.type: 10
dmi.chassis.vendor: Hewlett-Packard
dmi.chassis.version: Chassis Version
dmi.modalias: dmi:bvnInsyde:bvrF.35:bd11/11/2014:svnHewlett-Packard:pnHPPavilion17NotebookPC:pvr0880100021305B10000620100:rvnHewlett-Packard:rn1984:rvr01.15:cvnHewlett-Packard:ct10:cvrChassisVersion:
dmi.product.name: HP Pavilion 17 Notebook PC
dmi.product.version: 0880100021305B10000620100
dmi.sys.vendor: Hewlett-Packard

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed

Thank you for your bug report, it's not exactly clear to me what's the problem you are reporting but there are several problems there
- the debconf dialog opened in the background, not making obvious that the update is blocked on input
- the way debconf is listed with a question mark is suboptimal
- the fact it's prompting/failing to communicate why it's prompting about?

The main issue there was the password prompt. Do you get confused by the UI? Or the purpose of the prompt? Or you don't know what passphrase it's asking about?
Do you maybe have a screenshot of what the UI you had was looking like?

-

summary: - Software Updater hanging indefinitely
+ Software Updater hanging indefinitely waiting for secure boot key entry
Sebastien Bacher (seb128) wrote :

(reading again, the report is about trusty, that's something that got improved in newer versions of Ubuntu)

affects: linux (Ubuntu) → grub2-signed (Ubuntu)
affects: grub2-signed (Ubuntu) → gnome-software (Ubuntu)
Sebastien Bacher (seb128) wrote :

@Brian, gnome-software doesn't pop up nor install updates, that's more like update-manager being used there

affects: gnome-software (Ubuntu) → update-manager (Ubuntu)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers