------- Comment From daniel.axte...@ibm.com 2020-11-25 06:47 EDT------- Hi,
Thanks, I'll look at sources tarball, hopefully tomorrow. (I'm in AU, so no thanksgiving here!) Have you tested this on any of your local systems? I can't get it to work much on P9, even on stock hardware/qemu without any secure-boot features. Indeed, it even fails on qemu TCG (so you don't actually need a Power system at all!): qemu-system-ppc64 -M pseries -m 1G -nographic -vga none -smp 4 -cpu power9 -kernel dbg/usr/lib/debug/boot/vmlinux-5.10.0-4-generic Actually, the failure matrix is really interesting: Power8 host + KVM + grub -> boots Power9 host bare metal (kexec) -> fails Power9 host + KVM + grub -> fails Power9 host + KVM + qemu -kernel -> boots qemu TCG + power9 cpu -> fails qemu TCG + power8 cpu -> fails I'm assuming the tarball includes the debian/patches directory, in which case it should be easy to apply and git bisect. Kind regards, Daniel (IBMers: is there someone outside the security team that we should pull in? It doesn't seem at all to be a security-related issue.) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1904906 Title: 5.10 kernel fails to boot with secure boot disabled Status in The Ubuntu-power-systems project: New Status in linux package in Ubuntu: New Bug description: Canonical requests to test the secure boot for the 5.10 kernel but kernel fails to boot with secure boot disabled. The 5.10 kernel can be found in: https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/bootstrap They can be installed by installing the linux-generic-wip package with this PPA enabled. As usual, they are only signed using a key specific to that PPA. This key can be retrieved from the signing tarballs for the kernels, e.g.: http://ppa.launchpad.net/canonical-kernel- team/bootstrap/ubuntu/dists/hirsute/main/signed/linux-5.10-ppc64el/5.10.0-2.3/signed.tar.gz Our tester installed the 5.10 kernel via aptitude. If booting directly from the bootmenu, it stucks at: "kexec_core: Starting new kernel" If booting recovery kernel for 5.10.0, it proceeds farther and after kexec_core, it failed at: " [ 0.029830] LSM: Security Framework initializing [ 0.029916] Yama: b " Two attempts with a different scenario; running with 5.8 kernel and boot via commandline for 5.10: kexec -l /boot/vmlinux-5.10.0-0-generic --initrd=/boot/initrd.img-5.10.0-0-generic --append="root=UUID=49d000cb-dba2-4d70-809e-38f2b31d0f09 ro quiet splash" kexec -e Both attempts also failed while rebooting, once with the same error as the error from booting with bootmenu; the other failure occurred a lot earlier. Wondering what new CONFIGs and/or features for the 5.10 kernel? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1904906/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
