[Bug 1878541] Re: Grub fails to load kernel from squashfs if mem < 1500mb

Tue Aug 18 13:56:02 UTC 2020

Hello Michael, or anyone else affected,

Accepted grub2 into focal-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/grub2/2.04-1ubuntu26.3
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: grub2 (Ubuntu Focal)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1878541

Title:
  Grub fails to load kernel from squashfs if mem < 1500mb

Status in snapd:
  In Progress
Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2 source package in Focal:
  Fix Committed
Status in grub2 source package in Groovy:
  Fix Released

Bug description:
  [Impact]

   * loopback command uses too much ram, resulting in OOM on small
  machines

  [Test Case]

   * Download & Copy kernel.snap from amd64 pc image onto ESP
  partitition

   * Boot VM with secureboot, uefi and tpm and drop into grub recovery
  shell

   * observe ram usage of the machine (for example by using virt-manager
  graphs)

   * execute "loopback loop0 /path/to/kernel.snap"

   * observe ram usage of the machine again.

   * The RAM usage should stay almost constant with the patched grub
  just like it did in bionic. If it grows by the size of the kernel.snap
  (~500MB+), it is booting using buggy grub as shipped in focal GA.

  [Regression Potential]

   * This patch changes UEFI secureboot verifier behaviour for the
  loopback command. The whole loopback file is no longer read & stored
  into memory.

  This changes the PCR values. However Ubuntu has not yet been using or
  sealing against that PCR value. Also normally, on every kernel/grub
  update, the same PCR value is changed. Thus normal resealing procedure
  after a grub update would accommodate for this change of the PCR
  value.

  The loopback devices as a whole are no longer measured into TPM and
  cannot be attested. The resurrect such behavior, there is upstream
  design plan to allow storing hashes of all blocks and validate them
  with reduced memory requirement. Currently this is deemed out of
  scope, and of low interest/priority.

  [Other Info]

  [Original bug report]

  Booting a uc20 system fails early currently. The image used was:
  http://cdimage.ubuntu.com/ubuntu-core/20/beta/20200513.2/

  Attached is a screenshot of the debug output.

  This appears to be some sort of regression with grub in 20.04 or with
  UEFI grub - this used to work in uc18.

  Note that there is memory < 1500mb

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1878541/+subscriptions