Secure boot installation of uc22 does not work since 22-0.2

canonical / pc-gadget

The gadget snap for Personal Computers using 64bit Intel or AMD processors

GNU General Public License v3.0

31 stars 73 forks source link

Secure boot installation of uc22 does not work since 22-0.2 #57

Closed valentindavid closed 2 years ago

valentindavid commented 2 years ago

I could still install on qemu with secure boot and tpm2, UC22 with pc gadget 22-0.1 (118).

Since 22-0.2 (119), that does not work anymore. After reboot, snap-bootstrap cannot unlock the encrypted partitions.

Also grub prints /EndEntire two times. Though I do not think it is related, but we do not need this messages in the console.

valentindavid commented 2 years ago

Is this related to https://github.com/snapcore/snapd/pull/11437 ?

xnox commented 2 years ago

No this is not related to the shim-fallback support that has not landed yet.

I will check the differences between 118 & 119, i think it was supposed to be just a no change rebuild.....

xnox commented 2 years ago

119 snap was built with jammy's 2.06 grub which doesn't do measurements correctly, meaning TPM measurements prediction doesn't match reality and one is dropped to recovery passphrase boot.

We should update snapcraft to be buildable locally, but still point at focal binaries for now.

xnox commented 2 years ago

Fixed in revision 120 in 22/edge