This bug is missing log files that will aid in diagnosing the problem.
While running an Ubuntu kernel (not a mainline or third-party kernel)
please enter the following command in a terminal window:

apport-collect 1970077

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.

** Changed in: linux (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1970077

Title:
  efivars file system missing in Ubuntu 22.04 real-time kernel

Status in ubuntu-realtime:
  Triaged
Status in linux package in Ubuntu:
  Incomplete

Bug description:
  In Ubuntu 22.04 generic kernel like 5.15.0-23, efivars file system is
  mounted and is visible in the output of mount command, however in
  Ubuntu 22.04 real-time kernel like 5.15.0-1005-realtime or
  5.15.0-1007-realtime, efivars file system is missing. Intel SGX
  feature relies on efivars file system to function, could you please
  investigate this issue? Thanks.

  ---

  In Ubuntu, multiple things rely on reliable access to efivars
  (read-only) and to have ability to manipulate them too (read-write).
  Thus imho we should revert the v5.15 patch that turns efivars by
  default; and in later series update annotation to keep it on, even
  under realtime.

  Things sort of work on boot, as shim fallback app (fb*.efi) parses,
  loads and sets initial boot variables. However subsequent updates to
  our bootloaders (shim, grub, nullboot, snapd) do not know if they are
  set, if they are correct, or if they can be used. Functionality that
  is missing on such systems is then thus inability to install fw
  updates with fwupd, inability to boot into firmware setup (systemctl
  reboot --firmware-setup), and inability to predict measurements to
  predict sealing policies with new updates in case of TPM based sealed
  secrets (i.e. UC based FDE, systemd based secrets, SGX, etc).

  I will use this bug report to address this by default. Users that are
  concerned about userspace/OS accessing and using efivars during
  maintenance operations (package upgrades) or during runtime otherwise
  (arbitrary calls to bootctl for example), should consider getting
  hardware that has realtime aware EFI implementation, or modify their
  classic or core systems to disable efi runtime services by opting-out
  of efivars.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-realtime/+bug/1970077/+subscriptions
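
A read-only check for the condition this report describes, as an added example that is not part of the bug report or of any Ubuntu tooling: it classifies a host by whether it booted via EFI and whether efivarfs is mounted, and reports any efi= runtime switch on the kernel command line. The function names and the `--live` flag are made up for this example; `efi=runtime` and `efi=noruntime` are upstream kernel parameters that the report does not name, and the script assumes `/sys/firmware/efi` is present on EFI-booted systems even when efivarfs is absent.

```shell
#!/bin/sh
# Added example (not from the bug report): classify EFI variable access on a host.
# File paths are arguments so the logic can be run against constructed input.

# Print "rw", "ro" or "absent" for the efivarfs entry in a mounts table.
efivarfs_mode() {
    awk '$3 == "efivarfs" {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] == "ro" || opt[i] == "rw") { print opt[i]; found = 1; exit }
         }
         END { if (!found) print "absent" }' "$1"
}

# Print the last runtime switch given in any efi= parameter of a kernel
# command line: "runtime", "noruntime", or "default" when neither appears.
# Assumption: both are upstream kernel parameters; the report names neither.
efi_cmdline_switch() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^efi=/) {
               n = split(substr($i, 5), o, ",")
               for (j = 1; j <= n; j++)
                   if (o[j] == "runtime" || o[j] == "noruntime") last = o[j]
           } }
         END { print (last == "" ? "default" : last) }' "$1"
}

# efi_state SYSFS_EFI_DIR MOUNTS_FILE
# "efivars-missing" is the state reported for the realtime kernels:
# the machine booted via EFI but no efivarfs mount exists.
efi_state() {
    [ -d "$1" ] || { echo "not-efi-boot"; return 0; }
    case "$(efivarfs_mode "$2")" in
        rw) echo "efivars-rw" ;;
        ro) echo "efivars-ro" ;;
        *)  echo "efivars-missing" ;;
    esac
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    echo "kernel:  $(uname -r)"
    echo "state:   $(efi_state /sys/firmware/efi /proc/mounts)"
    echo "cmdline: $(efi_cmdline_switch /proc/cmdline)"
fi
```

A result of `efivars-missing` on a host that uses fwupd, `systemctl reboot --firmware-setup` or TPM-sealed secrets marks it as affected by the gaps listed in the description.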

