Ubuntu
shim package

5s boot delay added when System BootOrder not found

Bug #1922581 reported by Joshua Powers
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
shim (Ubuntu)
Fix Released
High
Unassigned

Bug Description

# Overview
Recent changes in boot logic moved grub from "removable disk" path to "/efi/ubuntu" in order to fix grub package updates. This had the side-effect of adding a 5-second boot delay in images. This was discovered in GCE images booting Bionic or newer, when vTPM is present.

# Expected result
The system to correctly boot from the first boot entry with no delay.

# Actual result
The system cannot find "System BootOrder", initializes defaults, and creates a 5-second delay in boot.

# Steps to reproduce
1. Launch any GCE bionic or newer image after 20210224
2. View the serial console for the image and look for: "System BootOrder not found. Initializing defaults." Afterward, there were are messages counting down, starting with "Booting in 5 seconds"

# Logs
GCE Image 20210211: https://pastebin.ubuntu.com/p/JdgfRbZrCY/
GCE Image 20210224: https://pastebin.ubuntu.com/p/M7d4SZ4BJ3/

See original description
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Note that vTPM presence is at stake here too.

Without vTPM there are no delays.

description: updated
Dimitri John Ledkov (xnox)
Changed in shim (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Igor Avramovic (igorav) wrote :

Hi Dimitri, are there any updates on this bug and what resolution options we have?

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package shim - 15.4-0ubuntu1

---------------
shim (15.4-0ubuntu1) hirsute; urgency=medium

  [ Dimitri John Ledkov ]
  * New upstream release 15.4 LP: #1921134
    - Update the commit hash in debian/rules
  * debian/rules: add request to sign EFI binaries with archive signing key.
  * debian/rules: stop using ENABLE_SHIM_CERT=1.
  * debian/rules: add canonical 2021 DBX.
  * deiban/rules: start using DISABLE_EBS_PROTECTION=1 to allow
    chainloading shim to shim, and shim to kernel.efi.
  * Add shim-dbg package, skip stripping files.
  * Update watch file, now uscan can generate new upstream tarballs.
  * Upgrade to debhelper 12.
  * Drop gnu-efi build-dep, now vendored upstream.
  * Add debian/rules target to generate gnu-efi components.
  * Do not clean gnu-efi Makefile.orig
  * Remove fallback 5s delay with TPM. LP: #1922581
  * Add xxd build-dep to run unittests.

  [ Chris Coulson ]
  * Drop patches that are fixed upstream:
    - debian/patches/Fix-OBJ_create-to-tolerate-a-NULL-sn-and-ln.patch
    - debian/patches/MokManager-avoid-unaligned.patch
    - debian/patches/tpm-correctness-1.patch
    - debian/patches/tpm-correctness-2.patch
    - debian/patches/tpm-correctness-3.patch
    - debian/patches/MokManager-hidpi-support.patch
    - debian/patches/fix-path-checks.patch
  * Drop the ENABLE_HTTPBOOT option - this is always built now.
    - update debian/rules
  * Add vendor SBAT metadata to shim.
    - add debian/sbat.ubuntu.csv.in
    - update debian/rules
  * Add vendor dbx esl to include-binaries
  * Build-depend on dos2unix
    - update debian/control

 -- Dimitri John Ledkov <email address hidden> Wed, 24 Mar 2021 11:32:25 +0000

Changed in shim (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.