[Bug 1074917] New: Latest kernel (4.4.104-18.44.1) does not boot and broke shim-install on secure boot - UEFI system
http://bugzilla.opensuse.org/show_bug.cgi?id=1074917 Bug ID: 1074917 Summary: Latest kernel (4.4.104-18.44.1) does not boot and broke shim-install on secure boot - UEFI system Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: x86-64 OS: openSUSE 42.2 Status: NEW Severity: Critical Priority: P5 - None Component: Kernel Assignee: kernel-maintainers@forge.provo.novell.com Reporter: opensusebugtrucking@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- After latest kernel upgrade my laptop (HP Elitebook 8440p) go to infinite loop of boot with default (newer) kernel. While I select the previous kernel system boot successfully. I did some investigation and found out that shim-install script failing while trying to run efibootmgr command. I came into issue while I decided to update boot loader settings from yast. I just increased timeout and click save. After short while yast provide me with the message that installation of the x86_64-efi platform was successful, but next there was a statement: requested operation failed: status=8000000000000002. After that I have try to execute this script manually in console with debug enabled. Result was quite strange, because the error status was returned from all commands related to efibootmgr. All removing entries related commands returned this status and finally the add new entry command return the same status. Unfortunately after all this investigation I end up with the broken boot loader. After reboot grub command prompt starts up and I had to enter manually entries to boot successfully to the system. After uninstalling the newest kernel and reapplying boot loader settings by yast boot loader is working fine and grub is working correctly. Right now I have not installed latest kernel, however due to latest fixes to the kernel I'm eager to get it as fast as possible, so may I ask you for any assistance with this issue. Please let me know if you need any further information/log/experiments to drill down into the route cause of the issue. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1074917 Piotr Kardasinski-Bunalski <opensusebugtrucking@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1074917 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1074917 http://bugzilla.opensuse.org/show_bug.cgi?id=1074917#c4 --- Comment #4 from Piotr Kardasinski-Bunalski <opensusebugtrucking@gmail.com> --- I would love to try, but unfortunately, I'm not that advanced in kernel management. Could you provide me with detail, step by step instruction what I should do, please. Eventually I may follow some online instruction how to obtain OBS kernel, unless I misunderstood something. Sorry about that. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1074917 http://bugzilla.opensuse.org/show_bug.cgi?id=1074917#c5 --- Comment #5 from Takashi Iwai <tiwai@suse.com> --- Well, I forgot that you're booting with secure boot. KOTD (kernel-of-the-day) isn't signed with a proper key, so it won't be bootable with secure boot, unfortunately. Can you disable the secure boot temporarily for testing? Basically you need to download kernel-default-4.4.*.rpm from the following URL: http://download.opensuse.org/repositories/Kernel:/openSUSE-42.2/standard/x86... Then install it via zypper in kernel-default-4.4.*.rpm If it complains about the vendor change, answer to ignore ('i'). Then reboot with this kernel (choose the kernel via GRUB menu) and retest without nopti option. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1074917 http://bugzilla.opensuse.org/show_bug.cgi?id=1074917#c6 --- Comment #6 from Piotr Kardasinski-Bunalski <opensusebugtrucking@gmail.com> --- Well, I need to say that something very strange happening. i have read some additional info in internet and based on found information I have installed few additional packages (related to TXT and TPM). After that I was edited grub configuration through Yast (just opened boot loader settings and saved them, nothing changed). Of course it had overwritten may nopti option added. Now situation with boot process is very strange. When I left grub to go with default boot option it goes to infinite reboot loop. However, when I go to advanced options and select default new kernel it boot normally without any visible issue. I have verified boot options for those two entries and they are the same except one thing. In default one on the end of menuentry line there is: gnulinux-simple-UUID whereas in advanced submenu in menuentry for the same kernel version there is: gnulinux-4.4.104-18.44-default-advanced-UUID All rest entries for both are exactly the same. I have no idea what could be wrong here, so any help would be appreciated. Additionally I have realized that in advanced menu there are no entries related to failsafe boot. They are like gone unexpectedly. If I can ask for any help in this as well It would be great. And the final question do I should go with the kernel of the day now or maybe it is better to solve the issues first? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1074917 Piotr Kardasinski-Bunalski <opensusebugtrucking@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(opensusebugtrucki | |ng@gmail.com) | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1074917 http://bugzilla.opensuse.org/show_bug.cgi?id=1074917#c7 --- Comment #7 from Piotr Kardasinski-Bunalski <opensusebugtrucking@gmail.com> --- Short update, since yesterday things get back to "normal", so I'm not able to boot with newest kernel without nopti switch :-(. However, I'm in parallel trying to solve an issue with GPU on Leap 42.3. I have installed leap 42.3 on separate HDD and do testing according to advice's in another bug. On leap 42.3 with latest kernel, there is no issue with boot procedure. It is working perfectly fine, so maybe newer kernel will solve this issue? can we check this anyhow? Is there any option to have on 42.2 the same kernel as on 42.3? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1074917 http://bugzilla.opensuse.org/show_bug.cgi?id=1074917#c8 --- Comment #8 from Piotr Kardasinski-Bunalski <opensusebugtrucking@gmail.com> --- Hello, another update. I have did some further investigation and finally found out that the issue probably came from TPM modules installed. I do some comparison between my 42.2 and newly installed 42.3 and found this difference. So, I uninstalled all TPM related modules and now boot procedure works without any issues. I'm not sure if TPM management is working well with UEFI secure boot, because I found on TPM module site that they commit to not support this case. However on boot options in opensuse this combination is available. Maybe it should not be possible to go with TPM setting if they are not working well together. This way or another, now all working fine, so issue is solved for now :-). Thanks a lot for your help and support. In case you need any more testing, just let me know, other ways this bug could be closed. Regards Piotr -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com