[Bug 1861530] Re: update-secureboot-policy runs at startup and burns CPU
Launchpad Bug Tracker
1861530 at bugs.launchpad.net
Thu Aug 10 14:52:07 UTC 2023
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: dkms (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1861530
Title:
update-secureboot-policy runs at startup and burns CPU
Status in dkms package in Ubuntu:
Confirmed
Status in shim-signed package in Ubuntu:
Incomplete
Bug description:
I am running Ubuntu 18.04 on a lenovo Thinkpad T490s. I enabled full
disk encryption when I installed Ubuntu. I found that the computer ran
hot and that a process was always running and using 50% of the
available CPU, presumably taking one core. That process was
`/usr/bin/perl -w /usr/share/debconf/frontend /usr/sbin/update-
secureboot-policy --enroll-key`
This process appears to be the same as the one described in this stack
exchange post
https://superuser.com/questions/1493050/update-secureboot-policy-
enroll-key-running-on-every-new-startup-eating-reso
I found that, as suggested by user931000 I could disable Secure Boot
in UEFI settings to fix the behavior. I am not sure if this poses any
security risk however, and find that secure boot has a way of turning
itself on, at least with updates that I installed today on 31 January
2020. I think this is a bug and that CPU hogging processes should not
run every time out of the box.
This issue might be related to this other issue, for which a fix is apparently released, but which doesn't appear to be helping in my case.
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673817
1) Ubuntu 18.04.4 LTS
2) Don't know the relevant package
3) I expect that Ubuntu should start up and run without a process burning all of the CPU, even if I enable disk encryption, and even if secureboot is enabled.
4) I have to choose between having a CPU hogging process turn on every time, turning off Secure Boot (while continuing to turn it off when updates re-turn off secure boot) and not encrypting my hard drive.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dkms/+bug/1861530/+subscriptions
More information about the foundations-bugs
mailing list