[Bug 1980358] Re: ARM64 images don't boot when secureboot is enabled

Wed Jul 6 13:45:28 UTC 2022

Hello Ivan, or anyone else affected,

Accepted livecd-rootfs into focal-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/livecd-
rootfs/2.664.43 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: livecd-rootfs (Ubuntu Focal)
       Status: New => Fix Committed

** Tags added: verification-needed verification-needed-focal

** Changed in: livecd-rootfs (Ubuntu Bionic)
       Status: New => Fix Committed

** Tags added: verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/1980358

Title:
  ARM64 images don't boot when secureboot is enabled

Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in livecd-rootfs source package in Bionic:
  Fix Committed
Status in livecd-rootfs source package in Focal:
  Fix Committed
Status in livecd-rootfs source package in Impish:
  Fix Released
Status in livecd-rootfs source package in Jammy:
  Fix Released

Bug description:
  [Impact]

   * This is a backport to focal and bionic of arm64 secureboot enablement work that has already been released in jammy.
   * Users wishing to use secureboot to boot ARM64 bionic and focal cloud images will fail. This is due to the bionic and focal images including incorrect grub EFI binaries. The correct grub EFI binaries, that are included in jammy arm64 cloud images are `shim-signed` and `grub-efi-arm64-signed`.

  [Test Plan]

   * Create bionic and focal arm64 images using the updated livecd-rootfs
   * Test that both bionic and focal arm64 images boot successfully on a cloud platform that requires secureboot
   * Test that non-secureboot functionality has not regressed by testing that both bionic and focal images successfully boot on a cloud platform where secureboot is not required

  [Where problems could occur]

   * A lot of different derivative images inherit from `disk-image-uefi.binary`, this change
     has the potential to tamper with the arcane matters related to boot

  [Other Info]

   * This is a backport, images of Jammy and newer have had those changes since release
   * There is an SRU exception for livecd-rootfs described here: https://wiki.ubuntu.com/StableReleaseUpdates#livecd-rootfs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/1980358/+subscriptions