[Bug 1652147] Re: UEFI secure boot fails after 14.04 to 16.04 upgrade
Steve Langasek
steve.langasek at canonical.com
Tue Jan 3 19:47:45 UTC 2017
On Tue, Jan 03, 2017 at 05:19:24PM -0000, Brian Murray wrote:
> ubuntu-release-upgrade should disable -proposed to prevent situations
> like this. Please include your the file /var/log/dist-upgrade/main.log
> which should contain information about your upgrade from 14.04 to 16.04.
>
> DistUpgradeController.py contains the following code:
>
> 653 # Disable proposed on upgrade to a development release.
> 654 if (not entry.disabled and self.options
> 655 and self.options.devel_release == True and
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
So we in fact only disable it on upgrades to the devel release, not on
upgrade to a new stable release.
> 656 "%s-proposed" % self.fromDist in entry.dist):
> 657 logging.debug("upgrade to development release, disabling proposed")
> 658 entry.dist = "%s-proposed" % self.toDist
> 659 entry.comment += _("Not for humans during development stage of release %s") % self.toDist
> 660 entry.disabled = True
> 661 continue
>
> So you'd also see the above comment in /etc/apt/sources.list.
>
> ** Changed in: shim (Ubuntu)
> Importance: Undecided => High
>
> --
> You received this bug notification because you are subscribed to shim in
> Ubuntu.
> https://bugs.launchpad.net/bugs/1652147
>
> Title:
> UEFI secure boot fails after 14.04 to 16.04 upgrade
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1652147/+subscriptions
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
** Package changed: shim (Ubuntu) => ubuntu-release-upgrader (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1652147
Title:
UEFI secure boot fails after 14.04 to 16.04 upgrade
Status in ubuntu-release-upgrader package in Ubuntu:
New
Bug description:
I did a release upgrade from fully upgraded Trusty/14.04.x to Xenial/16.04 today (amd64). There was no indication of any problems during the upgrade. Only oddly asking to disable secure boot on the shim level again (already had done this on Trusty). Also I had the proposed pocket enabled in Trusty before doing the upgrade (update-manager).
After reboot I get a textual error message that "image verification has failed" and I am presented with a menu to select a different UEFI element (this is a Lenovo x230).
I can disable secure boot in the BIOS and am then able to boot.
Not sure this is related to the issue but from the system booted without secure boot I tried to run sbverify and it returns the same error for all EFI binaries I tried:
# sbverify shimx64.efi
warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
PKCS7 verification failed
140313718134424:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:336:Verify error:unable to get local issuer certificate
Signature verification failed
If there is any other info that is needed, let me know. Or/and if
there are any steps to resolve the issue, let me know, too.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1652147/+subscriptions
More information about the foundations-bugs
mailing list