[Bug 1861530] Re: update-secureboot-policy runs at startup and burns CPU

Launchpad Bug Tracker 1861530 at bugs.launchpad.net
Thu Aug 10 14:52:07 UTC 2023 

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: dkms (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1861530

Title:
  update-secureboot-policy runs at startup and burns CPU

Status in dkms package in Ubuntu:
  Confirmed
Status in shim-signed package in Ubuntu:
  Incomplete

Bug description:
  I am running Ubuntu 18.04 on a lenovo Thinkpad T490s. I enabled full
  disk encryption when I installed Ubuntu. I found that the computer ran
  hot and that a process was always running and using 50% of the
  available CPU, presumably taking one core. That process was

  `/usr/bin/perl -w /usr/share/debconf/frontend /usr/sbin/update-
  secureboot-policy --enroll-key`

  This process appears to be the same as the one described in this stack
  exchange post

  https://superuser.com/questions/1493050/update-secureboot-policy-
  enroll-key-running-on-every-new-startup-eating-reso

  I found that, as suggested by user931000 I could disable Secure Boot
  in UEFI settings to fix the behavior. I am not sure if this poses any
  security risk however, and find that secure boot has a way of turning
  itself on, at least with updates that I installed today on 31 January
  2020. I think this is a bug and that CPU hogging processes should not
  run every time out of the box.

  This issue might be related to this other issue, for which a fix is apparently released, but which doesn't appear to be helping in my case.
  https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673817


  1) Ubuntu 18.04.4 LTS
  2) Don't know the relevant package
  3) I expect that Ubuntu should start up and run without a process burning all of the CPU, even if I enable disk encryption, and even if secureboot is enabled.
  4) I have to choose between having a CPU hogging process turn on every time, turning off Secure Boot (while continuing to turn it off when updates re-turn off secure boot) and not encrypting my hard drive.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dkms/+bug/1861530/+subscriptions

More information about the foundations-bugs mailing list