Proposed shim package will cause system complain "Failed to set MokSBStateRT: (2) Invalid Parameter"

Note that this issue can be reproduced on a Dell Inspiron 7560 (201606-22349) laptop as well.

And the OEM image is affected too.

This change was made by a bot.

Note that you can verify this issue by downgrading grub-related packages from proposed to updates:

sudo apt-get install shim=0.8-0ubuntu2 shim-signed=1.19~16.04.1+0.8-0ubuntu2 grub-efi-amd64-bin=2.02~beta2-36ubuntu3.2 grub2-common=2.02~beta2-36ubuntu3.2 grub-common=2.02~beta2-36ubuntu3.2 grub-efi-amd64=2.02~beta2-36ubuntu3.2 grub-efi-amd64-signed=1.66.2+2.02~beta2-36ubuntu3.2

This issue is caused by the Dell machines have already embedded the MokSBStatesRT variable with EFI_VARIABLE_NON_VOLATILE attribute, and the new shim-signed 1.21.4 include the patch which will mirror the MokSBStatesRT when MokSBState exists, see the https://github.com/rhinstaller/shim/commit/8f1bd605d05077a76502de5510cc937c4f4c62dd, and it causes the setvariable MokSBStatesRT failed because it has already existed with different attribute.

Attached the patch which can be used to solve this issue by checking the MokSBStateRT existence and deleting it before mirroring it.

This patch had been sent to upstream and wait for feedback.

The attachment "0001-shim-fix-the-mirroring-MokSBState-fail.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

On Tue, Nov 29, 2016 at 07:24:32AM -0000, Ivan Hu wrote:
> This issue is caused by the Dell machines have already embedded the
> MokSBStatesRT variable with EFI_VARIABLE_NON_VOLATILE attribute, and the
> new shim-signed 1.21.4 include the patch which will mirror the
> MokSBStatesRT when MokSBState exists, see the
> https://github.com/rhinstaller/shim/commit/8f1bd605d05077a76502de5510cc937c4f4c62dd,
> and it causes the setvariable MokSBStatesRT failed because it has
> already existed with different attribute.

Are the machines that have this variable pre-set in production, or are these
dev systems? Does this issue block the boot or does it "just" generate an
ugly error message? From your perspective, should this block release of
this SRU, which has been delayed several times and will require another
round trip to Microsoft for signing to get this new patch included?

The current version of shim is known to have failures correctly booting to
e.g. fwupdate.efi (bug #1581299). The pending SRU fixes this.

@Steve

The machines have been in production and sold more than one year. Unfortunately the error message is print out by console error,
console_error(L"Failed to set MokSBStateRT", efi_status);
It will block the boot with ugly full blue screen and wait for user's "enter" to continue to boot.

I believe it is better that the new SRU should wait for the new patch included, because there might be a lot of Dell machine users affected.

We're still waiting for the updated shim to be signed; I'll update again as soon as we have more information.

the patch has been accepted by upstream, commit# 07bda58596608f05bfa035a1cc5710f5ac8ea3d9
on https://github.com/rhinstaller/shim

Yes, the patches are ready and reviewed and good; we're just waiting for the shim upload to be signed by Microsoft.

This bug has been resolved for zesty with shim-signed 1.27.

For previous releases, the affected package was withdrawn from the -proposed queue.

The verification of the Stable Release Update for shim has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This has been pushed to trusty-proposed; and needs validation. Unfortunately, I do not have access to hardware to do that validation myself. Ivan, could you help?

This bug was fixed in the package shim - 0.9+1474479173.6c180c6-1ubuntu1

---------------
shim (0.9+1474479173.6c180c6-1ubuntu1) zesty; urgency=medium

  [ Steve Langasek ]
  * Merge (not yet NEW cleared) changes from Debian branch.

  [ Mathieu Trudel-Lapierre ]
  * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: guard
    against errors in mirroring MokSBState to MokSBStateRT. Thanks to Ivan Hu
    for the patch. This will fix issues updating MokSBStateRT if the variable
    already exists with different attributes. (LP: #1644806)

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 01 Dec 2016 16:55:50 -0500

This bug was fixed in the package shim-signed - 1.32~14.04.2

---------------
shim-signed (1.32~14.04.2) trusty; urgency=medium

  * Backport shim-signed 1.32 to 14.04. (LP: #1700170)