[Bug 1931136] Re: Don't unhook ExitBootServices() when EBS protection is disabled
dann frazier
1931136 at bugs.launchpad.net
Thu Jun 24 23:09:03 UTC 2021
I was able to reproduce this w/o any chainloading. Just booting a
hirsute image in QEMU w/ SecureBoot enabled was enough. I verified that
I'm still seeing this issue w/ the current hirsute cloud image:
BdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x1,0x2)/Pci(0x0,0x0)
BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x1,0x2)/Pci(0x0,0x0)
error: can't find command `hwmatch'.
EFI stub: UEFI Secure Boot is enabled.
!!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!!
RIP - 00000000000E0000, CS - 0000000000000038, RFLAGS - 0000000000210207
RAX - 000000007EFC5660, RCX - 000000007D18F898, RDX - 00000000000016D4
RBX - 000000007EFAFFB0, RSP - 000000007EFAFE98, RBP - 8000000000000001
RSI - 000000003DA5EC2D, RDI - 000000003FFFF1C4
R8 - 0000000000000028, R9 - 000000007E7AC267, R10 - 000000007EFAFF50
R11 - 0000000000000000, R12 - 0000000000000000, R13 - 000000007D18F898
R14 - 000000003DA58D0C, R15 - 000000007EFAFFA0
DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030
GS - 0000000000000030, SS - 0000000000000030
CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000007EC01000
CR4 - 0000000000000668, CR8 - 0000000000000000
DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 000000007E9EEA98 0000000000000047, LDTR - 0000000000000000
IDTR - 000000007E401018 0000000000000FFF, TR - 0000000000000000
FXSAVE_STATE - 000000007EFAFAF0
!!!! Can't find image information. !!!!
I then mounted the image externally, updating only shim-signed:
Unpacking shim-signed (1.48+15.4-0ubuntu5) over (1.47+15.4-0ubuntu2) ...
Setting up shim-signed (1.48+15.4-0ubuntu5) ..
After that, the image booted up fine.
** Description changed:
[Impact]
This is a regression in shim 15.4 that causes a crash in shim when chainbooting.
Also, the machine resets when you exit grub, rather than going back to
the EFI shell when launched from it.
[Test plan]
- TODO for the chainboot, something similar to
- https://github.com/lxc/lxd/issues/8770
-
- For grub exit, we can easily launch VM and then EFI shell and then load
- shim from in there, type exit in grub and should be back to EFI shell.
+ Boot an Ubuntu hirsute image in Secure Boot mode. While this issue was
+ originally seen while chainbooting in
+ https://github.com/lxc/lxd/issues/8770 - it was shown to be also
+ reproducible just by booting a hirsute instance.
[Where problems could occur]
In exiting shim, failure to boot, etc.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1931136
Title:
Don't unhook ExitBootServices() when EBS protection is disabled
Status in shim package in Ubuntu:
Fix Released
Status in shim-signed package in Ubuntu:
Fix Committed
Status in shim source package in Xenial:
Fix Committed
Status in shim source package in Hirsute:
Fix Committed
Bug description:
[Impact]
This is a regression in shim 15.4 that causes a crash in shim when chainbooting.
Also, the machine resets when you exit grub, rather than going back to
the EFI shell when launched from it.
[Test plan]
Boot an Ubuntu hirsute image in Secure Boot mode. While this issue was
originally seen while chainbooting in
https://github.com/lxc/lxd/issues/8770 - it was shown to be also
reproducible just by booting a hirsute instance.
[Where problems could occur]
In exiting shim, failure to boot, etc.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1931136/+subscriptions
More information about the foundations-bugs
mailing list