[Bug 1929471] Re: Shim apparently fails to run fwupd64 (hirsute regression?)
Bug Watch Updater
1929471 at bugs.launchpad.net
Mon Dec 6 13:36:40 UTC 2021
Launchpad has imported 1 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=2029396.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
------------------------------------------------------------------------
On 2021-12-06T11:58:46+00:00 dennis.schridde wrote:
Description of problem:
shimx64.efi does not appear to boot into fwupdx64.efi (booting into
"Linux-Firmware-Updater" behaves the same as booting into "Fedora",
firmware updates do not get installed).
Version-Release number of selected component (if applicable):
Installed Packages
Name : efibootmgr
Version : 16
Release : 11.fc35
Architecture : x86_64
Size : 94 k
Source : efibootmgr-16-11.fc35.src.rpm
Repository : @System
>From repo : anaconda
Summary : EFI Boot Manager
URL : https://github.com/rhboot/efibootmgr/
License : GPLv2+
Description : efibootmgr displays and allows the user to edit the Intel Extensible
: Firmware Interface (EFI) Boot Manager variables. Additional
: information about EFI can be found at https://uefi.org/.
Name : fwupd
Version : 1.7.2
Release : 1.fc35
Architecture : x86_64
Size : 6.9 M
Source : fwupd-1.7.2-1.fc35.src.rpm
Repository : @System
>From repo : updates
Summary : Firmware update daemon
URL : https://github.com/fwupd/fwupd
License : LGPLv2+
Description : fwupd is a daemon to allow session software to update device firmware.
Name : shim-x64
Version : 15.4
Release : 5
Architecture : x86_64
Size : 3.6 M
Source : shim-15.4-5.src.rpm
Repository : @System
>From repo : anaconda
Summary : First-stage UEFI bootloader
URL : https://github.com/rhboot/shim/
License : BSD
Description : Initial UEFI bootloader that handles chaining to a trusted full
: bootloader under secure boot environments. This package contains the
: version signed by the UEFI signing service.
How reproducible: Every time.
Steps to Reproduce:
1. Setup firmware update for installation with `fwupdmgr update`
2. Reboot computer (regularly, or manually booting into Linux-Firmware-Updater, no difference)
3. Observe that you are dropped straight into Grub.
Actual results:
I am being send straight into Grub. Nothing that indicates that a
firmware updater (fwupdx64.efi) is being run.
Expected results:
Firmware should update.
Additional info:
This appears to be
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1929471 and
https://github.com/fwupd/firmware-lenovo-thinkpad/issues/123 which are
supposedly fixed by https://github.com/rhboot/shim/pull/379.
Reply at: https://bugs.launchpad.net/ubuntu/+source/shim-
signed/+bug/1929471/comments/37
** Changed in: shim (Fedora)
Status: Unknown => Confirmed
** Changed in: shim (Fedora)
Importance: Unknown => Undecided
** Bug watch added: github.com/fwupd/firmware-lenovo-thinkpad/issues #123
https://github.com/fwupd/firmware-lenovo-thinkpad/issues/123
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1929471
Title:
Shim apparently fails to run fwupd64 (hirsute regression?)
Status in shim package in Ubuntu:
Fix Released
Status in shim-signed package in Ubuntu:
Fix Released
Status in shim source package in Xenial:
Fix Released
Status in shim-signed source package in Xenial:
Fix Released
Status in shim source package in Bionic:
Fix Released
Status in shim-signed source package in Bionic:
Fix Released
Status in shim source package in Focal:
Fix Released
Status in shim-signed source package in Focal:
Fix Released
Status in shim source package in Hirsute:
Fix Released
Status in shim-signed source package in Hirsute:
Fix Released
Status in shim package in Fedora:
Confirmed
Bug description:
[Impact]
fwupd does not load, can't upgrade firmware
[Test plan]
Try reinstall a firmware upgrade, make sure fwupd loads. Make sure you use secure boot. It's OK testing this in one release, as the fix is entirely shim-side and it's binary-copied.
[Where problems could occur]
We might fail to boot from BIOS generated boot entries, as in bug 1937115
[Original bug report]
I am running hirsute on Thinkpad X1 Carbon gen 7. Fwupdmgr used to work on groovy. Now, fwupdmgr detects new firmware, successfully places the .cap file in /boot/efi/EFI/ubuntu/fw/, successfully sets efi "next boot" to 2 which is "Linux-Firmware-Updater", but on reboot, there are no signs that fwupdx64 was attempted to be executed, and system drops directly into grub.
Same when I use BIOS boot menu. There are entries for "ubuntu" and for
"Linux firmware updater", but selecting any of them boots grub.
After boot, EFI "BootCurrent" points to the updater entry, though it
apparently did not run!
$ efibootmgr -v|head
BootCurrent: 0002
Timeout: 0 seconds
BootOrder: 0001,0019,001A,001B,001C,001D,001E,001F,0020,0021,0022,0023,0024,0002
Boot0001* ubuntu HD(1,GPT,6ccce482-e2c2-48ca-991e-608bee5d38af,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)
Boot0002* Linux-Firmware-Updater HD(1,GPT,6ccce482-e2c2-48ca-991e-608bee5d38af,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)\.f.w.u.p.d.x.6.4...e.f.i...
Boot0010 Setup FvFile(721c8b66-426c-4e86-8e99-3457c46ab0b9)
Boot0011 Boot Menu FvFile(126a762d-5758-4fca-8531-201a7f57f850)
Boot0012 Diagnostic Splash Screen FvFile(a7d8d9a6-6ab0-4aeb-ad9d-163e59a7a380)
Boot0013 Lenovo Diagnostics FvFile(3f7e615b-0d45-4f80-88dc-26b234958560)
Boot0014 Regulatory Information FvFile(478c92a0-2622-42b7-a65d-5894169e4d24)
These sympptoms match precisely a previous bug:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1864223
Could it be that the fix introduced then was lost, maybe due to
signing schedule?
There is a github ticket https://github.com/fwupd/firmware-lenovo-
thinkpad/issues/123 that could be explained by this problem too.
My versions of related packages:
shim-signed:
Installed: 1.47+15.4-0ubuntu2
fwupd-signed:
Installed: 1.38+1.5.8-0ubuntu1
grub-efi-amd64-signed:
Installed: 1.169+2.04-1ubuntu45
ProblemType: Bug
DistroRelease: Ubuntu 21.04
Package: shim-signed 1.47+15.4-0ubuntu2
ProcVersionSignature: Ubuntu 5.11.0-17.18-generic 5.11.12
Uname: Linux 5.11.0-17-generic x86_64
.proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] No such file or directory: '/proc/sys/kernel/moksbstate_disabled'
ApportVersion: 2.20.11-0ubuntu65
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Mon May 24 23:28:40 2021
InstallationDate: Installed on 2020-01-02 (508 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Alpha amd64 (20190802)
SecureBoot: 6 0 0 0 1
SourcePackage: shim-signed
UpgradeStatus: Upgraded to hirsute on 2021-02-22 (91 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1929471/+subscriptions
More information about the foundations-bugs
mailing list