On Sun, Jul 25, 2021 at 08:19:55PM +0500, Roman Mamedov wrote: >On Sun, 25 Jul 2021 12:43:48 +0100 >Steve McIntyre <st...@einval.com> wrote: > >> Which provider is using secure boot on arm64 at this point? I've not >> heard of any. Can you share details of package versions etc. for that >> please? > >It is the Oracle Cloud. > >Actually I am not certain they use secure boot, or that the lack of signature >is the issue. According to serial console, the issue was a fatal crash in the >UEFI boot loader (TianoCore). So I assumed it could be because it did not find >the signature it was expecting to validate.
OK. I think I know what the problem is here. See below... >Unfortunately I did not save the crash messages and cannot reproduce it for >now, as I am not longer able to start my instances due to "Out of host >capacity" at the provider. > >As for the package versions, I was using the vanilla Debian Buster. OK, thanks for that information. In your next mail, I can see your log shows shim-signed version 1.36~1+deb10u1+15.4-5~deb10u1. Despite testing that version on various arm64 platforms before release, *after* the 10.10 point release we found that version can also crash and fail to boot in some circumstances. I think that's your problem here. :-( When we found that problem, as an immediate workaround I released a newer shim-signed package into the buster-updates repo which solves it: version 1.36~1+deb10u2+15.4-5~deb10u1 (note the deb10u1->deb10u2). I can see that your system is showing buster-updates in its list of package sources, so I'm very confused as to what's happened there and why your system did not pick up the later version. Argh! -- Steve McIntyre, Cambridge, UK. st...@einval.com “Why do people find DNS so difficult? It’s just cache invalidation and naming things.” -– Jeff Waugh (https://twitter.com/jdub)
