Okay, first of all: I'm sorry for not reporting back earlier. Asides that, I still consider this as a bug and bad user experience, as we / the linux community strives to encourage people to secure their systems and encrypt or sign content.
Shortly after I reported in September I had no better solution than to reinstall the whole system, because there was no bootable kernel left in the grub menu. I've installed the desktop same as before and as advised to the public: - full disk encrypted - automatic updates enabled Some time after that I ran into the same problem, but this time I had some time to dig deeper AND I remembered from the installation procedure that there was a message about my enabled Secure Boot flag in the UEFI BIOS. Given that I found out that there are installed kernel modules from the - integrated Intel Graphics - nVidia Graphics card - Virtual Box Networking Modules which are signed but not under the new kernel (apt-get dist-upgrade has run). Temporary solution for me: I found a guide to sign those modules with a self-signed certificate and enroll this within Secure Boot. Furthermore I hacked a script that looks for the currently installed and other available kernel versions and offers to sign all installed kernel modules ahead of rebooting the new kernel. Possible solution for everyone affected: Since my solution involves a manual task and self-signed certificates it is not that suitable to the "faint hearted" masses, that don't even get that close to any other solution than to disable SecureBoot at all (Numerous "hints" in the Ubuntu forums or StackExchange lead people to disable it, although there is a way to make it work.) - I think a better approach whould be to force creation and presence of self-signed certificates during the installation phase or during kernel upgrades. - Additionally post-kernel-upgrade installation steps should automatically look for a (default location/filename of) signature certificate and sign remaining kernel modules. I know this approach might "white-label" kernel modules of unknown source, but I think this is the lesser pain than disabling secure boot at all. Contrary the current state leaves users of full disk encryption and Secure Boot without any clue on what went wrong since the last shutdown or reboot. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1621367 Title: 4.4.0-36: keyboard dead at boot & full disk encryption prompt for password Status in linux package in Ubuntu: Confirmed Bug description: After updating to kernel 4.4.0-36.55, I cannot enter the password for the full disk encrypted drive, that contains the ubuntu installation. Keyboard is totally dead. Nothing else than hardware reset is possible. This bug affects normal, upstart and recovery boot. I don't know whether that is a kernel panik (no led is blinking) or the driver for keyboard is failing. boot.log looks normal to me. Last and working kernel version before the update, was "Ubuntu 4.4.0-34.53-generic 4.4.15". I cannot report "ubuntu-bug linux", because I cannot enter the system. I am willing to investigate, but please give me hints. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1621367/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
