Bug 1254208

Summary: Crashes trying to load UEFI certs with Secure Boot enabled
Product: [Fedora] Fedora Reporter: Bastien Nocera <bnocera>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 24CC: bnocera, dhowells, gansalmon, henry.hu.sh, itamar, jonathan, kernel-maint, madhu.chinakonda, mchehab, robinlee.sysu, saschanaz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: kernel-4.5.5-300.fc24.x86_64 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-19 17:32:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
uefi crash photo
none
dbxtool output none

Description Bastien Nocera 2015-08-17 12:34:35 UTC 
Created attachment 1063790 [details]
uefi crash photo

Booting the Fedora Workstation image at:
https://dl.fedoraproject.org/pub/fedora/linux/releases/22/Workstation/x86_64/iso/
with Secure Boot enabled leads to the kernel crashing early on:
load_uefi_certs+0x12e/0x269
get_cert_list+0xec/0xec

Booting with UEFI Secure Boot disabled works (kind of):
https://bugzilla.redhat.com/show_bug.cgi?id=1254202
Comment 1 Josh Boyer 2015-08-17 14:44:55 UTC 
What kind of machine is this?
Comment 2 Bastien Nocera 2015-08-17 19:24:20 UTC 
(In reply to Josh Boyer from comment #1)
> What kind of machine is this?

Microsoft Surface 3, 4GB RAM:
https://en.wikipedia.org/wiki/Surface_3
Comment 3 Josh Boyer 2015-08-24 15:25:51 UTC 
*** Bug 1256433 has been marked as a duplicate of this bug. ***
Comment 4 Bastien Nocera 2015-10-18 19:45:52 UTC 
Created attachment 1084191 [details]
dbxtool output

Output of:
sudo dbxtool -l -d /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f

When running with efi=old_map (see https://bugzilla.kernel.org/show_bug.cgi?id=106051 for the reason why)
Comment 5 Kagami Sascha Rosylight 2016-05-01 03:58:35 UTC 
Same thing happens here on my Surface 3.

Call Trace:
load_uefi_certs
get_cert_list
parse_args
_raw_write_unlock_irqrestore
kernel_init_freeable
rest_init
kernel_init
ret_from_fork
rest_init

https://onedrive.live.com/redir?resid=F448B1A1D940E1B0!1096931&authkey=!AMCAmbi61potkXc&v=3&ithint=photo%2cjpg
Comment 6 Fedora End Of Life 2016-07-19 17:32:07 UTC 
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 7 Robin Lee 2016-07-22 08:31:24 UTC 
I tested Surface 3 with Fedora 24 media, and the issue seems gone. So the issue at least has been fixed at the initial kernel of Fedora 24.

But it still fails to install Fedora 24 on Surface 3. Refer to BZ#1282244.