[Bug 1811722] Re: arm64: shim crashes in SecureBoot mode w/ some firmware

xinliang 1811722 at bugs.launchpad.net
Thu Aug 20 03:03:19 UTC 2020


I encounter a Synchronous Exception crash when booting shim with qemu-system-aarch64 on Focal. But on a real aarch64 server this doesn't happen.
Not sure if it is the same issue.

software:
qemu-efi-aarch64/focal,now 0~20191122.bd85bf54-2ubuntu3 all [installed,automatic]
  UEFI firmware for 64-bit ARM virtual machines
shim/focal,now 15+1533136590.3beb971-0ubuntu1 arm64 [installed]
  boot loader to chain-load signed boot loaders under Secure Boot

shim-signed/focal,now 1.40.3+15+1533136590.3beb971-0ubuntu1 arm64 [installed]
  Secure Boot chain-loading bootloader (Microsoft-signed binary)


The log is shown below:
$ virsh console node-0
Connected to domain node-0
Escape character is ^]

>>Start PXE over IPv4.
  Station IP address is 10.0.0.31

  Server IP address is 10.30.96.1
  NBP filename is bootaa64.efi
  NBP filesize is 910544 Bytes
 Downloading NBP file...

  NBP file downloaded successfully.
BdsDxe: loading Boot0002 "UEFI PXEv4 (MAC:525400C65BC2)" from PciRoot(0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/MAC(525400C65BC2,0x1)/IPv4(0.0.0.0,0x0,DHCP,0.0.0.0,0.0.0.0,0.0.0.0)
BdsDxe: starting Boot0002 "UEFI PXEv4 (MAC:525400C65BC2)" from PciRoot(0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/MAC(525400C65BC2,0x1)/IPv4(0.0.0.0,0x0,DHCP,0.0.0.0,0.0.0.0,0.0.0.0)


Synchronous Exception at 0x00000000F83BBDEC


Synchronous Exception at 0x00000000F83BBDEC

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1811722

Title:
  arm64: shim crashes in SecureBoot mode w/ some firmware

Status in shim package in Ubuntu:
  Fix Released
Status in shim-signed package in Ubuntu:
  Fix Committed

Bug description:
  On some firmware, attempting SecureBoot on arm64 will result in a
  crash. This is reproducible with a build of latest upstream EDK2 for
  the ArmVirtQemu target, but not with the older version we have
  packaged (edk2 0~20181115.85588389-2ubuntu1). The reason appears to be
  that our older version of edk2 had the firmware flash mapped at 0x0,
  which allowed NULL pointer dereferences to silently succeed. Latest
  upstream has changed that, so now such accesses result in a
  Synchronous Exception.

  Even though we can boot in SecureBoot mode successfully with the old
  firmware, I've found that doing so results in a corrupted firmware
  image, making subsequent boots fail. It may be that the memory access
  that leads to the Synchronous Exception on newer firmware is a write
  to the firmware region that is causing the corruption, and therefore
  the same underlying root cause.

  Note that I can also reproduce this with latest upstream GRUB. I
  looked for possible fixes for this in shim upstream, in case it is a
  problem with how shim invokes GRUB - or an issue with the Protocols
  shim registers. The only change I see that might be relevant that we
  don't already have is "6df7a8f Fix for "Section 0 has negative size"
  error when loading fbaa64.efi", but I could still reproduce after
  applying that.
