[Bug 2031896] Re: [canary] installation failed with "cannot seal the encryption keys"

Henry Coggill 2031896 at bugs.launchpad.net
Mon Sep 11 22:01:13 UTC 2023 

I encountered this issue whilst using a QEMU VM, as per the instructions
for booting Ubuntu Core 22 with TPM:
https://ubuntu.com/core/docs/testing-with-qemu

The boot process did take me to the EFI shell, from which I exited, and
selected the Mantic DVD (ISO) as the boot device.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to subiquity in Ubuntu.
https://bugs.launchpad.net/bugs/2031896

Title:
  [canary] installation failed with "cannot seal the encryption keys"

Status in snapd:
  New
Status in subiquity:
  Confirmed
Status in ubuntu-desktop-installer:
  Triaged
Status in subiquity package in Ubuntu:
  Triaged

Bug description:
  Mantic 20230817

  For some reason installation in a VM failed with:

  =====
  2023-08-18 08:42:55,702 ERROR root:30 finish: subiquity/Install/install/curtin_install/finish_install: FAIL: cannot perform the following tasks:
  - Finish setup of run system for "enhanced-secureboot-desktop" (cannot seal the encryption keys: cannot add EFI secure boot policy profile: cannot compute secure boot policy profile: the current boot was preceeded by a boot attempt to an EFI application that returned to the boot manager, without a reboot in between)
  2023-08-18 08:42:55,702 ERROR root:30 finish: subiquity/Install/install/curtin_install: FAIL: cannot perform the following tasks:
  - Finish setup of run system for "enhanced-secureboot-desktop" (cannot seal the encryption keys: cannot add EFI secure boot policy profile: cannot compute secure boot policy profile: the current boot was preceeded by a boot attempt to an EFI application that returned to the boot manager, without a reboot in between)
  2023-08-18 08:42:55,702 DEBUG subiquity.common.errorreport:394 generating crash report
  2023-08-18 08:42:55,714 INFO subiquity.common.errorreport:415 saving crash report 'install failed crashed with ClientError' to /var/crash/1692348175.702773333.install_fail.crash
  2023-08-18 08:42:55,714 ERROR root:30 finish: subiquity/Install/install: FAIL: cannot perform the following tasks:
  - Finish setup of run system for "enhanced-secureboot-desktop" (cannot seal the encryption keys: cannot add EFI secure boot policy profile: cannot compute secure boot policy profile: the current boot was preceeded by a boot attempt to an EFI application that returned to the boot manager, without a reboot in between)
  2023-08-18 08:42:55,715 INFO root:30 start: subiquity/ErrorReporter/1692348175.702773333.install_fail/add_info: 
  2023-08-18 08:42:55,715 ERROR subiquity.server.server:414 top level error
  Traceback (most recent call last):
    File "/snap/ubuntu-desktop-installer/1197/bin/subiquity/subiquity/server/controllers/shutdown.py", line 74, in _wait_install
      await self.app.controllers.Install.install_task
  aiohttp.client_exceptions.ClientError: cannot perform the following tasks:
  - Finish setup of run system for "enhanced-secureboot-desktop" (cannot seal the encryption keys: cannot add EFI secure boot policy profile: cannot compute secure boot policy profile: the current boot was preceeded by a boot attempt to an EFI application that returned to the boot manager, without a reboot in between)
  2023-08-18 08:42:55,717 ERROR subiquity.server.server:414 top level error
  Traceback (most recent call last):
    File "/snap/ubuntu-desktop-installer/1197/bin/subiquity/subiquity/server/controllers/shutdown.py", line 74, in _wait_install
      await self.app.controllers.Install.install_task
  aiohttp.client_exceptions.ClientError: cannot perform the following tasks:
  - Finish setup of run system for "enhanced-secureboot-desktop" (cannot seal the encryption keys: cannot add EFI secure boot policy profile: cannot compute secure boot policy profile: the current boot was preceeded by a boot attempt to an EFI application that returned to the boot manager, without a reboot in between)
  =====

  The error should be exposed to the user instead of crashing. There
  error is not displayed in the console of the installer either.

  About the error itself, I've no clue what it means, since it's an
  installation from a fresh VM, straight to the live session.

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/2031896/+subscriptions

More information about the foundations-bugs mailing list