[Bug 1600452] Re: "Failed to set variable: (2) Invalid Parameter" when enrolling MOK
Chris J Arges
1600452 at bugs.launchpad.net
Mon Aug 29 13:17:20 UTC 2016
Attached a patch containing the unmerged patches. Not sure if want to
wait until they are merged to fix this, but this currently prevents me
from being able to enroll keys on my machine.
** Patch added: "shim-lp1600452-yakkety.debdiff"
https://bugs.launchpad.net/ubuntu/+source/mokutil/+bug/1600452/+attachment/4730000/+files/shim-lp1600452-yakkety.debdiff
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mokutil in Ubuntu.
Matching subscriptions: mokutil-bugs
https://bugs.launchpad.net/bugs/1600452
Title:
"Failed to set variable: (2) Invalid Parameter" when enrolling MOK
Status in mokutil package in Ubuntu:
Confirmed
Status in mokutil source package in Xenial:
Confirmed
Bug description:
## Testing Environment:
Lenovo Thinkpad P50, fresh install of Ubuntu 16.04
$ apt-cache policy mokutil
mokutil:
Installed: 0.3.0-0ubuntu3
Candidate: 0.3.0-0ubuntu3
Version table:
*** 0.3.0-0ubuntu3 500
500 http://cn.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
$ apt-cache policy shim
shim:
Installed: 0.8-0ubuntu2
Candidate: 0.8-0ubuntu2
Version table:
*** 0.8-0ubuntu2 500
500 http://cn.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
## Steps to reproduce:
(1) do not disable SecureBoot as suggested during the install.
(2) install virtualbox-5.0 from the virtualbox ppa (deb
http://download.virtualbox.org/virtualbox/debian xenial contrib)
(3) Follow instructions here to manually sign the vboxdrv kernel
module (https://askubuntu.com/questions/760671/could-not-load-vboxdrv-
after-upgrade-to-ubuntu-16-04-and-i-want-to-keep-secur/768310#768310)
$ openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform
DER -out MOK.der -nodes -days 36500 -subj "/CN=Descriptive name/"
$ sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256
./MOK.priv ./MOK.der $(modinfo -n vboxdrv)
$ sudo mokutil --import MOK.der
(enter password)
(4) reboot, click "enroll mok", "continue", "yes", enter password,
(screenshots here: https://sourceware.org/systemtap/wiki/SecureBoot)
## Expected behavior:
new mok will be enrolled and I will be asked to reboot (several users
from the original askubuntu answer indicated that these exact steps
worked for them.
## Actual behaviour:
"Error: Failed to set variable: (2) Invalid Parameter"
## Troubleshooting steps taken:
- tried different passwords, and was able to eliminate that being the cause.
- found relevant lines of code producing the error: lines 919-931 in https://github.com/rhinstaller/shim/blob/master/MokManager.c
/# C code
efi_status = uefi_call_wrapper(RT->SetVariable, 5, db_name,
&shim_lock_guid,
EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_APPEND_WRITE,
MokNewSize, MokNew);
}
if (efi_status != EFI_SUCCESS) {
console_error(L"Failed to set variable", efi_status);
return efi_status;
}
C Code #/
- unable to find where uefi_call_wrapper() is defined
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: mokutil 0.3.0-0ubuntu3
ProcVersionSignature: Ubuntu 4.4.0-28.47-generic 4.4.13
Uname: Linux 4.4.0-28-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Sat Jul 9 18:56:59 2016
InstallationDate: Installed on 2016-07-08 (0 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
SourcePackage: mokutil
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mokutil/+bug/1600452/+subscriptions
More information about the foundations-bugs
mailing list