Bug 1477735
Summary: | Shim was unable to measure state into the TPM | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Forrest Taylor <ftaylor>
Component: | shim | Assignee: | Peter Jones <pjones>
Status: | CLOSED CURRENTRELEASE | QA Contact: | Release Test Team <release-test-team-automation>
Severity: | high | Priority: | high
Version: | 7.4 | CC: | ccheney, cww, defwxyz, jhunt, qbarnes
Target Milestone: | rc | Hardware: | x86_64
OS: | Linux | Type: | Bug
Last Closed: | 2019-06-11 20:46:09 UTC | |
Description
Forrest Taylor
2017-08-02 18:46:28 UTC
Created attachment 1308431
Disk information
Output of gdisk -l and df -h.
Created attachment 1308432
grub.cfg
Grub configuration file.
After much work, I was able to work around the issue by reverting to older packages.

1. Leave EFI and Secure Boot enabled.
2. Boot from a RHEL ISO and start Anaconda rescue.
3. Configure networking.
4. Remove the new packages:
   # yum remove mokutil grub2-tools grub2-tools-minimal grub2-tools-extra grub2-tools-efi grub2-efi shim
5. Install the old packages, excluding the new packages and ignoring obsoletes:
   yum install shim-0.9-2.el7 grub2-efi-2.02-0.44.el7 grub2-tools-2.02-0.44.el7 mokutil-0.9-2.el7 -x shim-x64,grub2-efi-x64,grub2-tools-extra,grub2-tools-minimal --setopt=obsoletes=0
6. Reboot (SELinux will run the first time you reboot, so it will reboot a second time).

The UEFI Secure Boot bug is present in RHEL 7.4, Fedora 27, Fedora 28 beta.

Supposing you're in UEFI secure mode:
If you install from scratch RHEL 7.4: it will not boot.
If you install from scratch Fedora 27: it will not boot.
If you install from scratch Fedora 28 beta: it will not boot.

Would it be wise to revert shim to the previous stable version in RHEL 7.5 and Fedora 28?

-- Laurent

I upgraded to RHEL 7.6, and it boots for me now using UEFI Secure Boot.

$ yum list installed shim* grub2*
Installed Packages
grub2-common.noarch 1:2.02-0.76.el7 @rhel-7-server-rpms
grub2-efi-x64.x86_64 1:2.02-0.76.el7 @rhel-7-server-rpms
grub2-tools.x86_64 1:2.02-0.76.el7 @rhel-7-server-rpms
grub2-tools-extra.x86_64 1:2.02-0.76.el7 @rhel-7-server-rpms
grub2-tools-minimal.x86_64 1:2.02-0.76.el7 @rhel-7-server-rpms
shim-x64.x86_64 15-1.el7 @rhel-7-server-rpms

$ bootctl status
...
Secure Boot: enabled
Setup Mode: user
Selected Firmware Entry:
Title: Red Hat Enterprise Linux
Partition: /dev/disk/by-partuuid/d22e9115-23a5-4f73-9c03-1a3c0a280fc4
File: └─/EFI/redhat/shim.efi
...