I've had the very same issue for the first time with Kubuntu 16.04 LTS (that's not a typo, the issue is with both versions).
Roger Wolf explained on AskUbuntu[1] that it's because the output of whiptail is being redirected to /dev/null. And indeed, by answering the questions I could read thanks to htop, I got out of the hang flawlessly. I've done countless upgrades on the same machine in the past, and I've been asked the same question several times before without it being redirected to /dev/null, so I assume the issue is new for the 16.04. Maybe some recent backport of the 18.04 bug?

[1] https://askubuntu.com/questions/1052000/all-kernel-upgrades-hang-on-update-secureboot-policy-enroll-key

--
https://bugs.launchpad.net/bugs/1799279

Title:
  kernel update hangs inside update-secureboot-policy

Status in apt package in Ubuntu:
  Confirmed

Bug description:
  I just ran `apt-get --auto-remove dist-upgrade` on 18.04. It is hung on update-secureboot-policy waiting for confirmation from whiptail.

  apt-get --auto-remove dist-upgrade
  | -/usr/bin/dpkg --status-fd 80 --configure --pending
  | -/bin/sh /var/lib/dpkg/info/linux-headers-4.15.0-38-generic.postinst configure
  | -run-parts --report --exit-on-error --arg=4.15.0-38-generic /etc/kernel/header_postinst.d
  | -/bin/sh /usr/lib/dkms/dkms_autoinstaller start 4.15.0-38-generic
  | -/bin/bash /usr/sbin/dkms autoinstall --kernelver 4.15.0-38-generic
  | -/bin/bash /usr/sbin/dkms autoinstall --kernelver 4.15.0-38-generic
  | -/usr/bin/perl -w /usr/share/debconf/frontend /usr/sbin/update-secureboot-policy --enroll-key
  | -/bin/sh /usr/sbin/update-secureboot-policy --enroll-key
  -whiptail --backtitle Package configuration --title Configuring Secure Boot --output-fd 12 --nocancel --msgbox Your system has UEFI Secure Boot enabled. UEFI Secure Boot requires additional configuration to work with third-party drivers. The system will assist you in configuring UEFI Secure Boot.

  To permit the use of third-party drivers, a new Machine-Owner Key (MOK) has been generated. This key now needs to be enrolled in your system's firmware. To ensure that this change is being made by you as an authorized user, and not by an attacker, you must choose a password now and then confirm the change after reboot using the same password, in both the "Enroll MOK" and "Change Secure Boot state" menus that will be presented to you when this system reboots. If you proceed but do not confirm the password upon reboot, Ubuntu will still be able to boot on your system but any hardware that requires third-party drivers to work correctly may not be usable. --scrolltext 20 77

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: apt 1.6.3ubuntu0.1
  ProcVersionSignature: Ubuntu 4.15.0-36.39-generic 4.15.18
  Uname: Linux 4.15.0-36-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.4
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Oct 22 15:15:56 2018
  InstallationDate: Installed on 2018-09-27 (25 days ago)
  InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
  SourcePackage: apt
  UpgradeStatus: No upgrade log present (probably fresh install)
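
Added example (not part of the original message or of any Ubuntu package): a diagnostic for the condition described above, a whiptail prompt that is waiting for an answer while its output goes to /dev/null. It assumes that the dialog is drawn on fd 1, that Linux /proc is available, and that it is run as root; the function name and the PROC_ROOT override are hypothetical.

```shell
#!/bin/sh
# List whiptail processes whose stdout is /dev/null, i.e. prompts that
# block a package upgrade but can never be seen on the terminal.
# Output: one line per process, "<pid><TAB><dialog title>".
# Assumption: fd 1 is where the dialog is drawn.
# $1 (hypothetical) lets the check run against a constructed /proc-like
# tree instead of the live system.

hidden_whiptail() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        # Skip entries that vanished or that we may not read.
        [ -r "$dir/comm" ] || continue
        [ "$(cat "$dir/comm" 2>/dev/null)" = "whiptail" ] || continue

        # Where does the dialog output actually go?
        target=$(readlink "$dir/fd/1" 2>/dev/null) || continue
        [ "$target" = "/dev/null" ] || continue

        # cmdline is NUL-separated; take the argument after --title so
        # the operator can tell which question is pending.
        title=$(tr '\0' '\n' < "$dir/cmdline" 2>/dev/null |
                awk 'prev == "--title" { print; exit } { prev = $0 }')

        printf '%s\t%s\n' "${dir##*/}" "${title:-unknown}"
    done
}

# Scan the live system (or the tree named in PROC_ROOT).
hidden_whiptail "${PROC_ROOT:-/proc}"
```

A non-empty result during a stalled upgrade means the hang is an unanswered prompt rather than a dead process.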