Ubuntu
grub2 package

[Xenial] Update to kernel 4.4.0-112-generic make the system failed to boot with enabled BIOS SecureBoot mode

  1. Xenial (16.04)
  2. Bug #1745740
Bug #1745740 reported by Taihsiang Ho
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
grub2 (Ubuntu)
Incomplete
Undecided
Unassigned
Xenial
New
Undecided
Unassigned
linux (Ubuntu)
Incomplete
High
Unassigned
Xenial
Incomplete
High
Unassigned

Bug Description

[Description]

After updating from 4.4.0-111 to the latest 4.4.0-112, the system with enabled BIOS SecureBoot mode will fail to boot because of "Operating System Loading signature not found in SecureBoot database" prompted by BIOS (See the attachment picture)

[Steps to Reproduce]

1. Prepare a system installed with 16.04.1 and enabled BIOS SecureBoot mode.
2. Update the system (over the Update manager GUI or "apt-get dist-upgrade")
3. Reboot the system to make the update effective.

[Expected Result]

The system gets ready to use after reboot.

[Actual Result]

The system stops at the BIOS stage with the prompted message "Operating System Loading signature not found in SecureBoot database" prompted by BIOS (See the attachment picture)

[Reproducible Systems]

So far I reproduced this issue on the following machine:

CID 201410-15915 - Dell XPS 13 9343
CID 201610-25147 - Dell OptiPlex 7450 AIO
(potential candidate[1]) - CID 201610-25144 - Dell Precision 5520
(potential candidate) - CID 201606-22338 - Dell XPS 13 9360

[1] "potential candidate" means the system failed to boot after system update but have not identified it was encountered the same issue.

------------------------------------------------------------------

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-112-generic 4.4.0-112.135
ProcVersionSignature: Ubuntu 4.4.0-112.135-generic 4.4.98
Uname: Linux 4.4.0-112-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: tai271828 1742 F.... pulseaudio
 /dev/snd/controlC1: tai271828 1742 F.... pulseaudio
CurrentDesktop: Unity
Date: Sat Jan 27 21:28:25 2018
HibernationDevice: RESUME=UUID=f182f469-555b-4f5d-b3df-c77ccc5d60c8
InstallationDate: Installed on 2017-03-01 (332 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
MachineType: Dell Inc. XPS 13 9343
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-112-generic.efi.signed root=UUID=d464a83f-1802-468f-bf5c-6c2eb6be441b ro quiet splash vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-4.4.0-112-generic N/A
 linux-backports-modules-4.4.0-112-generic N/A
 linux-firmware 1.157.16
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/14/2015
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A05
dmi.board.name: 0144PA
dmi.board.vendor: Dell Inc.
dmi.board.version: X04
dmi.chassis.type: 9
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA05:bd07/14/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0144PA:rvrX04:cvnDellInc.:ct9:cvr:
dmi.product.name: XPS 13 9343
dmi.sys.vendor: Dell Inc.

See original description
Revision history for this message
Taihsiang Ho (tai271828) wrote :
description: updated
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
importance: Undecided → High
tags: added: kernel-key pti
Changed in linux (Ubuntu Xenial):
status: New → Triaged
Changed in linux (Ubuntu):
status: Confirmed → Triaged
Changed in linux (Ubuntu Xenial):
importance: Undecided → High
Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Can we get versions of grub2/grub2-signed off the box

Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

This may be a duplicate of bug 1743908

Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
status: Triaged → Incomplete
Changed in linux (Ubuntu Xenial):
status: Triaged → Incomplete
tags: added: kernel-da-key
removed: kernel-key
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

How was this system installed? Was it installed in BIOS mode and then changed to UEFI?

Is shim-signed correctly installed on the system? Without shim-signed installed and present on the ESP partition (/boot/efi/EFI/ubuntu/bootx64.efi); as well as listed as the BootEntry to load (sudo efibootmgr -v will tell), the system will not be able to boot an image recognized as valid by the Microsoft keys that are usually on these systems.

Changed in grub2 (Ubuntu):
status: New → Incomplete
Brad Figg (brad-figg)
tags: added: cscc
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.