2014257 – shim doesn't load anything but grub

Bug 2014257 - shim doesn't load anything but grub

Summary: shim doesn't load anything but grub

Keywords:
Status:	CLOSED DUPLICATE of bug 2010595
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	shim
Sub Component:
Version:	34
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Peter Jones
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-10-14 18:08 UTC by Roman Kagan
Modified:	2021-11-29 21:43 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-11-29 21:43:13 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Roman Kagan 2021-10-14 18:08:39 UTC

Description of problem:

On my Lenovo Thinkpad X1 Carbon Gen6 firmware capsue updates don't get installed because the system never boots into the updater application.

It used to work with some earlier versions but doesn't now.  Essentially the only way to install the updates is to manually set up a boot entry, temporarily disable SecureBoot, boot into the updater, and then restore SecureBoot.

Verbose logs, when set up with "mokutil --set-verbosity true", suggest that shim does find fwupdx64.efi but then loads grubx64.efi.

Version-Release number of selected component (if applicable):

shim-x64-15.4-4.x86_64

How reproducible:

100%%

Steps to Reproduce:
1. install an update with fwupdmgr
2. verify there's a boot entry for it
3. reboot

Actual results:

system boots again into grub then linux

Expected results:

fwupdx64.efi is executed and sets up a firmware update

Additional info:

The logs contain (approximate wording as remembered while watching the logs scroll)

...
is_our_path:XXX:dbpath: \EFI\fedora\shimx64.efi
is_our_path:XXX:path:   \fwupdx64.efi
load_imge:XXX:attempting to load \EFI\fedora\shimx64.efi
...

Comment 1 Roman Kagan 2021-10-14 18:12:42 UTC

AFAICT from the source code, shim.c:set_second_state:

EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
{
	...
	UINTN loader_len = 0;
	...
	UINTN strings = count_ucs2_strings(li->LoadOptions,
					   li->LoadOptionsSize);
	...
	if (strings == 0) {
		efi_status = get_load_option_optional_data(li->LoadOptions,
							   li->LoadOptionsSize,
							   (UINT8 **)&start,
							   &loader_len);
		...
	} else if (strings >= 2) {
		...
	} else if (strings == 1 && is_our_path(li, start)) {
		...
	}
	...
	if (loader_len > 0) {
		loader_str = ... make a copy of the loader path ...;
		...
		second_stage = loader_str;
		...
	}
	...
}

that is, in the case where the path of the second stage is found in li->LoadOptions as a string rather than a full-fledged EFI_LOAD_OPTION, loader_len remains 0 and second_stage is not updated with the string just found, so shim loads the default second stage (grubx64.efi) regardless of the options.

FWIW the code on branch shim-15.5 seems to have this problem resolved.

Comment 2 Peter Robinson 2021-11-29 21:43:13 UTC


*** This bug has been marked as a duplicate of bug 2010595 ***

Note You need to log in before you can comment on or make changes to this bug.