[Bug 1934780] Re: shim crashes on Mellanox BF1 SmartNIC

Launchpad Bug Tracker 1934780 at bugs.launchpad.net
Mon Aug 16 10:30:18 UTC 2021 

This bug was fixed in the package shim-signed - 1.33.1~16.04.10

---------------
shim-signed (1.33.1~16.04.10) xenial; urgency=medium

  * Update to shim 15.4-0ubuntu7:
    - Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379)
    - Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383)
    - Fix accidental deletion of RT variables (LP: #1934506) (PR #387)
    - mok: relax the maximum variable size check (LP: #1934780) (PR #369)

shim-signed (1.33.1~16.04.9) xenial; urgency=medium

  * Do not build a dual-signed shim (fixing regression from ~16.04.7), and
    disable verifying fbx64.efi and mmx64.efi certificates as xenial's
    sbverify is unable to (impish works fine)
  * Clean up debhelper log file accidentally imported into git during 16.04.7
    import.

shim-signed (1.33.1~16.04.8) xenial; urgency=medium

  * debian/*.postinst: Unconditionally call grub-install with
    --force-extra-removable, so that the \EFI\BOOT removable path as used in
    cloud images receives the updates.  LP: #1930742.
  * Update to shim 15.4-0ubuntu5:
    - Stop addending vendor dbx to MokListXRT during MokListX mirroring. This
      is causing systems to run out of EFI storage space, or just hang up
      when trying to write it (LP: #1924605) (LP: #1928434)
    - Further relax the check for variable mirroring on non-secureboot systems
      avoiding boot failures on out of space conditons (pull request #372)
    - Don't unhook ExitBootServices() when EBS protection is disabled
      (LP: #1931136) (pull request #378)

shim-signed (1.33.1~16.04.7) xenial; urgency=medium

  * New upstream release 15.4.  LP: #1921134
  * Update packaging to pull fb and mm from shim-signed package as in
    later releases, dropping the runtime dependency on shim.
  * Add download-signed script from linux-signed package
  * Add a versioned dependency on the mokutil that introduces --timeout, and
    call mokutil --timeout -1 so that users don't end up with broken systems
    by missing MokManager on reboot after install.  LP: #1856422.
  * Add versioned dependencies on grub-efi-amd64-signed and grub2-common,
    to ensure we have SBAT-compatible grub.efi and grub 2.04-compatible
    grub-install present when we are installing new shim to the ESP.
  * Include reworked Makefile from devel to better assert the integrity of
    the executables.

 -- Julian Andres Klode <juliank at ubuntu.com>  Fri, 16 Jul 2021 13:04:57
+0200

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1934780

Title:
  shim crashes on Mellanox BF1 SmartNIC

Status in shim package in Ubuntu:
  Fix Released
Status in shim-signed package in Ubuntu:
  Fix Released
Status in shim source package in Xenial:
  Fix Released
Status in shim-signed source package in Xenial:
  Fix Released
Status in shim source package in Bionic:
  Fix Committed
Status in shim-signed source package in Bionic:
  Fix Committed
Status in shim source package in Focal:
  Fix Released
Status in shim-signed source package in Focal:
  Fix Released
Status in shim source package in Hirsute:
  Fix Released

Bug description:
  [Impact]
  Systems that do not support QueryVariableInfo() EFI function fail to boot.

  [Test plan]
  Would be good to get this checked on the Mellanox BF1 SmartNIC on one release (shim is binary copied)

  [Where problems could occur]
  it might still fail to mirror variables on those platforms. Code looks like the variable could be uninitialized on error case, but it's actually set inside the call to 0 so that's good.

  [Original bug report]

  shim in focal-proposed (shim-signed 1.40.5) is crashing on Mellanox
  BF1 SmartNIC, showing this trace:

  >>Start PXE over IPv4.
    Station IP address is 192.168.100.2

    Server IP address is 192.168.100.1
    NBP filename is shimaa64.efi.signed
    NBP filesize is 840024 Bytes
   Downloading NBP file...

    NBP file downloaded successfully.
  Could not get variable storage info: Unsupported
  Could not create MokListRT: Unsupported
  Could not get variable storage info: Unsupported
  Could not create MokListXRT: Unsupported
  Could not get variable storage info: Unsupported
  Could not create MokListRT: Unsupported
  Could not get variable storage info: Unsupported
  Could not create MokListXRT: Unsupported
  Something has gone seriously wrong: import_mok_state() failed: Unsupported
  ERROR:   System Off: operation not handled.
  PANIC at PC : 0x000000000045c488

  Some EFI related kernel output:

  [    0.000000] efi: EFI v2.70 by EDK II
  [    0.000000] efi:  SMBIOS=0xfafb0000  SMBIOS 3.0=0xf5b70000  ACPI=0xf5c10000  ACPI 2.0=0xf5c10014  MEMATTR=0xf769e018  ESRT=0xf7593098  MEMRESERVE=0xf49e9018
  [    0.000000] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7
  [    0.000000] Kernel command line: BOOT_IMAGE=/vmlinuz console=hvc0 console=ttyAMA0 earlycon=pl011,0x01000000 fixrtc ip=:::::tmfifo_net0:dhcp url=http://192.168.100.1/tftp/bluefield.iso cloud-config-url=/dev/null nopersistent
  [    0.085871] Remapping and enabling EFI services.
  [    0.377821] DMI: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:3.6.0-24-gd4db9c4 Apr  6 2021
  [    1.028977] Registered efivars operations
  [    2.481241] rtc-efi rtc-efi: registered as rtc0
  [    2.593647] EFI Variables Facility v0.08 2004-May-17

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1934780/+subscriptions

More information about the foundations-bugs mailing list