| Summary: | upgrade F26 - F27 fails on reboot due to missing shim.efi | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Paul Whalen <pwhalen> |
| Component: | shim-signed | Assignee: | Peter Jones <pjones> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 27 | CC: | mjg59, pbrobinson, pjones, yves.lecuyer.linfedora |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | aarch64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | shim-signed-13-0.7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-10-10 19:28:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 245418, 1396705 | ||
|
Description
Paul Whalen
2017-10-02 21:05:30 UTC
shim-signed-13-0.7 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2325fb83d fixed with shim-signed-13-0.7 shim-signed-13-0.7 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2325fb83d shim-signed-13-0.7 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. (In reply to Fedora Update System from comment #4) > shim-signed-13-0.7 has been pushed to the Fedora 27 stable repository. If > problems still persist, please make note of it in this bug report. Yes it was pushed in stable repository, last week on 30 November 2017 when I made my system upgrade toward Fedora 27. =============== Proof: # dnf info shim-x64 Failed to synchronize cache for repo 'local', disabling. Last metadata expiration check: 0:03:41 ago on Mon 04 Dec 2017 06:03:10 PM CET. Installed Packages Name : shim-x64 Version : 13 Release : 0.7 Arch : x86_64 Size : 7.2 M Source : shim-signed-13-0.7.src.rpm Repo : @System (<== so => INSTALLED) From repo : fedora ================ AND IT DOES NOT WORK IN SECURE BOOT enabled (for dual boot purpose: Fedora/Windows2012R2) on my HP EliteBook ! AS explained with many details, on equivalent bug relative to x86_64 architecture: https://bugzilla.redhat.com/show_bug.cgi?id=1512410 SO THERE IS A BUG in the source package itself, or more probably in the private key used to sign shimXXXXX.efi itsself, on Fedora server used to build this package!!! (In reply to Yves L'ECUYER from comment #5) > (In reply to Fedora Update System from comment #4) > > shim-signed-13-0.7 has been pushed to the Fedora 27 stable repository. If > > problems still persist, please make note of it in this bug report. > > Yes it was pushed in stable repository, last week on 30 November 2017 when I > made my system upgrade toward Fedora 27. > =============== > Proof: > # dnf info shim-x64 > Failed to synchronize cache for repo 'local', disabling. > Last metadata expiration check: 0:03:41 ago on Mon 04 Dec 2017 06:03:10 PM > CET. > Installed Packages > Name : shim-x64 > Version : 13 > Release : 0.7 > Arch : x86_64 > Size : 7.2 M > Source : shim-signed-13-0.7.src.rpm > Repo : @System (<== so => INSTALLED) > From repo : fedora > ================ > > AND IT DOES NOT WORK IN SECURE BOOT enabled (for dual boot purpose: > Fedora/Windows2012R2) on my HP EliteBook ! > AS explained with many details, on equivalent bug relative to x86_64 > architecture: > https://bugzilla.redhat.com/show_bug.cgi?id=1512410 > > SO THERE IS A BUG in the source package itself, or more probably in the > private key used to sign shimXXXXX.efi itsself, on Fedora server used to > build this package!!! OK the context of this bug report is not the same as bug1512410 Paul Whalen was just complaining about the lacking of shim.efi in EFI file system. This is no more the case in new package on line shim-x64-13-0.7, because for architecture x86_64 shim.efi and shimx64.efi, exist and have the same content: # ll /boot/efi/EFI/fedora/shim* -rwx------. 1 root root 1293304 Oct 4 17:39 /boot/efi/EFI/fedora/shim.efi -rwx------. 1 root root 1293304 Oct 4 17:39 /boot/efi/EFI/fedora/shimx64.efi -rwx------. 1 root root 1206896 Oct 4 17:39 /boot/efi/EFI/fedora/shimx64-fedora.efi [root@encelade utils]# diff /boot/efi/EFI/fedora/shim.efi /boot/efi/EFI/fedora/shimx64.efi [root@encelade utils]# =========== And I suppose that Paul is not working in a secure boot UEFI environment, so he did not notice the problem with the signature of shim.efi itself ? I made a last comment in bug report 1512410 https://bugzilla.redhat.com/show_bug.cgi?id=1512410#c33 in which I'm talking about what I have experienced. And because Peter Jones, is the member developer team which works on some shim package update, maybe , you can help to solve this problem about booting with shim**.efi, in secure boot environment I have no more ideas, than the ones exposed in this last comment pointed by link above. Thanks for any help |