Bug 44214 - UEFI boot does not work
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Kernel
UCS 4.2
Other Linux
: P5 normal
: UCS 4.2
Assigned To: Philipp Hahn
Stefan Gohmann
: interim-4
Reported: 2017-04-03 07:27 CEST by Stefan Gohmann
Modified: 2017-04-04 18:29 CEST
What kind of report is it?: Release Management

Description Stefan Gohmann univentionstaff 2017-04-03 07:27:21 CEST
I've installed UCS 4.2 on our UEFI test hardware. The installation works as expected. Afterwards, the first boot failed with the following error message:

error: /vmlinuz-4.9.0-ucs103-amd64.efi.signed has invalid signature.
error: you need to load the kernel first
Comment 2 Philipp Hahn univentionstaff 2017-04-03 16:29:45 CEST
r78618 | Bug #44214 grub: Depends directly on correct GRUB EFI package

Package: univention-grub
Version: 10.0.0-2A~4.2.0.201704031431
Branch: ucs_4.2-0

ucs_4.2-0-20170403-143414-dvd-amd64.iso

r17450 | 

Package: grub-installer
Version: 1.117+deb8u1A~4.2.0.201704031545
Branch: ucs_4.2-0
Comment 3 Philipp Hahn univentionstaff 2017-04-03 17:35:37 CEST
r17451 | Bug #44214 cd: merge wheezy changes to jessie for UEFI-SB

Package: debian-cd
Version: 3.1.17A~4.2.0.201704031731
Branch: ucs_4.2-0
Comment 4 Janek Walkenhorst univentionstaff 2017-04-03 17:50:41 CEST
(In reply to Philipp Hahn from comment #2)
> r78618 | Bug #44214 grub: Depends directly on correct GRUB EFI package
> 
> Package: univention-grub
> Version: 10.0.0-2A~4.2.0.201704031431
> Branch: ucs_4.2-0
> 
> ucs_4.2-0-20170403-143414-dvd-amd64.iso
> 
> r17450 | 
> 
> Package: grub-installer
> Version: 1.117+deb8u1A~4.2.0.201704031545
> Branch: ucs_4.2-0

This works correctly with UEFI and UEFI&Secureboot
Comment 5 Janek Walkenhorst univentionstaff 2017-04-03 18:23:01 CEST
(In reply to Philipp Hahn from comment #3)
> r17451 | Bug #44214 cd: merge wheezy changes to jessie for UEFI-SB
> 
> Package: debian-cd
> Version: 3.1.17A~4.2.0.201704031731
> Branch: ucs_4.2-0

This boots with Secureboot but then hangs…
Comment 6 Philipp Hahn univentionstaff 2017-04-04 13:38:34 CEST
r17452 | Bug #44214: don't strip modules - breaks UEFI-SB

Quoting <https://www.kernel.org/doc/Documentation/module-signing.txt>:
> Signed modules are BRITTLE as the signature is outside of the defined ELF
> container.  Thus they MAY NOT be stripped once the signature is computed and
> attached.  Note the entire module is the signed payload, including any and all
> debug information present at the time of signing.

QA:
gzip -dc < /mnt/build-storage/buildsystem/apt/ucs_4.2-0/dists/ucs420/main/installer-amd64/current/images/cdrom/initrd.gz | cpio -t -v | grep uhci-hcd.ko
-rw-r--r--   1 root     root        71398 Mar  9 18:33 lib/modules/4.9.0-ucs103-amd64/kernel/drivers/usb/host/uhci-hcd.ko
QA: OK Debian-Installer
QA: OK Installed UCS system
QA: OK modprobe
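
Added example (not part of the original bug report, and not Univention's tooling): a presence check for the signature trailer that the kernel appends after the ELF data, usable as a QA step on modules extracted from an initrd. It only confirms that the trailer exists and is well-formed, not that the signature verifies; the sample module bytes and the `simulate_strip` model are constructed assumptions for illustration.

```python
import struct

# Layout of a signed module file, per the kernel's module signing format:
#   [ELF module][signature blob][struct module_signature][magic string]
MAGIC = b"~Module signature appended~\n"
# u8 algo, hash, id_type, signer_len, key_id_len; u8 pad[3]; big-endian u32 sig_len
SIG_INFO = struct.Struct(">BBBBB3xI")
PKEY_ID_PKCS7 = 2  # id_type value for PKCS#7 signatures


def parse_module_signature(data):
    """Return the trailer fields, or None when no signature is appended."""
    if not data.endswith(MAGIC):
        return None
    info_end = len(data) - len(MAGIC)
    info_start = info_end - SIG_INFO.size
    if info_start < 0:
        raise ValueError("file too short for a signature trailer")
    _algo, _hash, id_type, signer_len, key_id_len, sig_len = SIG_INFO.unpack(
        data[info_start:info_end])
    payload_len = info_start - sig_len - signer_len - key_id_len
    if payload_len < 0:
        raise ValueError("sig_len is larger than the file")
    return {"id_type": id_type, "sig_len": sig_len, "payload_len": payload_len}


def unsigned_modules(modules):
    """Names of modules (name -> file bytes) that carry no signature trailer."""
    return sorted(n for n, d in modules.items() if parse_module_signature(d) is None)


def make_signed(elf, sig):
    """Constructed sample: fake module bytes plus a placeholder signature."""
    info = SIG_INFO.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(sig))
    return elf + sig + info + MAGIC


def simulate_strip(module, elf_len):
    """Simplified model of stripping: bytes outside the ELF container are lost."""
    return module[:elf_len]


if __name__ == "__main__":
    elf = b"\x7fELF" + b"\x00" * 60          # constructed stand-in, not a real module
    signed = make_signed(elf, b"S" * 256)    # placeholder bytes, not a real signature
    print(parse_module_signature(signed))
    print(unsigned_modules({"signed.ko": signed,
                            "stripped.ko": simulate_strip(signed, len(elf))}))
```
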
Comment 7 Stefan Gohmann univentionstaff 2017-04-04 13:55:00 CEST
Excellent!
Comment 8 Philipp Hahn univentionstaff 2017-04-04 17:27:04 CEST
r17453 | Bug #44214 cd: Fix i386-UEFI DVD build

Package: debian-cd
Version: 3.1.17A~4.2.0.201704041453
Branch: ucs_4.2-0
Comment 9 Stefan Gohmann univentionstaff 2017-04-04 18:29:06 CEST
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".