fwupdate-signed doesn't get installed on upgrade
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-release-upgrader (Ubuntu) |
Fix Released
|
Undecided
|
Dimitri John Ledkov |
Bug Description
This machine was upgraded from Ubuntu 14.04 installed in UEFI mode. After upgrading fwupdate gets installed (as it's Recommends for ubuntu-desktop) but fwupdate-signed isn't installed. The net results is that even though this machine now supports firmware updates (in 16.04), upon upgrading they can't be used when secure boot is turned on.
Ubuntu 16.04 fresh install behavior is to install fwupdate-signed if the machine is running in UEFI mode so that firmware support will work if the machine supports it.
So the update process should query whether installed in UEFI mode and if so also mark fwupdate-signed for installation.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ubuntu-
ProcVersionSign
Uname: Linux 4.4.0-18-generic x86_64
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
CrashDB: ubuntu
CurrentDesktop: Unity
Date: Mon Apr 18 09:18:10 2016
DistributionCha
# This is a distribution channel descriptor
# For more information see http://
canonical-
InstallationDate: Installed on 2016-04-03 (14 days ago)
InstallationMedia: Ubuntu 14.04 "Trusty" - Build amd64 LIVE Binary 20150720-04:06
PackageArchitec
SourcePackage: ubuntu-
Symptom: ubuntu-
UpgradeStatus: Upgraded to xenial on 2016-04-18 (0 days ago)
Yes, I have hit this bug with my laptop during xenial release sprint. My understanding was that we have agreed to make -signed to be installed by default, however naive approach was shut-down due to dependency cycle (can't remember exactly now). At the time I have manually installed -signed to get the fwupdates working. But we should be install -signed by default. Similar to how installers no longer make destinction between signed/unsigned installs -> we always install both, as one can flip between signed and unsigned boot throughout the lifetime of the machine.