Ubuntu
grub2 package

grub-install doesn't install MokManager in UEFI mode

  1. Precise (12.04)
  2. Bug #1600320
Bug #1600320 reported by Mathieu Trudel-Lapierre
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
grub2 (Ubuntu)
Fix Released
Critical
Unassigned
Precise
Fix Released
Critical
Mathieu Trudel-Lapierre

Bug Description

[Impact]
Precise users wanting to control Secure Boot behavior, such as disabling shim validation.
This will affect all users of DKMS packages on precise.

[Test case]
1) sudo apt-get install bbswitch-dkms ; follow steps to disable secure boot (may require proposed shim-signed 1.17~...)
2) Reboot
3) Verify that the system boots to MokManager first and prompts the user to disable Secure Boot; then successfully reboots to Ubuntu.
4) sudo modprobe -v bbswitch ; validate that the module loading is attempted and that you either get a succesful result (on systems where bbswitch is useful) or "No such device".

[Regression potential]
Given changing the logic for installing grub files; in the event that the target system detection fails grub-install may attempt to install MokManager to paths that don't exist. This will not break the system.

---
On precise; we don't currently have --target, and thus grub is also missing the logic to install MokManager to /boot/efi/EFI/ubuntu/ for use with shim's toggles and procedures to import signing keys.

Backporting the logic to install MokManager should be fairly straightforward.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

This does not affect any release except precise.

Changed in grub2 (Ubuntu):
status: New → Fix Released
Changed in grub2 (Ubuntu Precise):
status: New → In Progress
importance: Undecided → Medium
importance: Medium → Critical
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Mathieu, or anyone else affected,

Accepted grub2 into precise-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/1.99-21ubuntu3.20 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in grub2 (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote : [grub2/precise] verification still needed

The fix for this bug has been awaiting testing feedback in the -proposed repository for precise for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags: added: removal-candidate
Mathew Hodson (mhodson)
Changed in grub2 (Ubuntu):
importance: Undecided → Critical
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Verified that this behaves correctly; verification-done.

tags: added: verification-done
removed: removal-candidate verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2 - 1.99-21ubuntu3.20

---------------
grub2 (1.99-21ubuntu3.20) precise; urgency=medium

  * debian/patches/install_mokmanager.patch: also install MokManager if we
    got to install shim; so as to be able to control shim options.
    (LP: #1600320)

 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 08 Jul 2016 14:13:09 -0400

Changed in grub2 (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Chris J Arges (arges) wrote : Update Released

The verification of the Stable Release Update for grub2 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.