** Description changed: + [ Impact ] + + The Raspberry Pi pre-installed desktop images boot in systemd "degraded" + state, as pd-mapper (from protection-domain-mapper) which is specific to + Qualcomm Snapdragon hardware, is erroneously included on the images. + This makes it difficult to figure out if something is *actually* wrong + with the system as it appears something is "always" wrong. + + Furthermore, given comment 5 from the security team, it may constitute a + security risk. + + [ Test Plan ] + + This was fixed in the oracular seed prior to release, thus only noble is + affected. For the noble pre-installed desktop image: + + * Flash 24.04.1 image to a fresh SD card + * Boot on any supported Pi model + * systemctl status + * Verify status is "degraded" + * Enable proposed (https://wiki.ubuntu.com/Testing/EnableProposed) + * sudo apt install -t noble-proposed ubuntu-desktop-minimal + * sudo apt autoremove + * Check that protection-domain-mapper is removed as no longer required + * sudo reboot + * systemctl status + * Verify status is "running" and not "degraded" + + For Dave (not including full instructions for the sake of brevity, but + if anyone else wants to try this I can provide instructions on request): + + * Build 24.04.2 image locally with proposed pocket + * Check manifest output and ensure that protection-domain-mapper does *not* appear + * Flash image to fresh SD card + * Boot on supported Pi model + * Run through initial setup + * Reboot + * systemctl status + * Verify status is "running" + + [ Regression Potential ] + + The commit in question which is being reverted included three packages + in desktop-minimal (for arm64 specifically): protection-domain-mapper, + qrtr-tools, and flash-kernel. The first two are Qualcomm specific + packages that should be removed. The third, flash-kernel, is actually + required on the Raspberry Pi images, but should still be pulled in via + the raspi-common platform seed. + + This is partly the reason for including a build of the raspi image in + the test plan above (also to ensure that both upgraders and fresh + installs will both see the fix). + + Other than this, the regression potential is low. The service in + question (pd-mapper) simply fails on non-Qualcomm hardware, so unless + something is actively relying on that failure (which would be ... odd), + there should be no other effect. + + [ Original Description ] + The protection-domain-mapper package (and qrtr-tools) are both installed by default on the Ubuntu Desktop for Raspberry Pi images, thanks to their inclusion in the desktop-minimal seed for arm64. However, there's no hardware that they target on these platforms, and the result is a permanently failed service (pd-mapper.service). It appears these were added to support the X13s laptop [1]. I've attempted to work around the issue by excluding these packages in the desktop-raspi seed (experimentally in my no-pd-mapper branch [2]) but this does not work (the packages still appear in the built images). Ideally, these packages should be moved into a hardware-specific seed for the X13s (and/or whatever other laptops need these things). Alternatively, at a bare minimum, the package should have some conditional that causes the service not to attempt to start when it's not on Qualcomm hardware. [1]: https://git.launchpad.net/~ubuntu-core-dev/ubuntu- seeds/+git/ubuntu/commit/desktop- minimal?id=afe820cd49514896e96d02303298ed873d8d7f8a [2]: https://git.launchpad.net/~waveform/ubuntu- seeds/+git/ubuntu/commit/?id=875bddac19675f7e971f56d9c5d39a9912dc6e38
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to qrtr in Ubuntu. https://bugs.launchpad.net/bugs/2062667 Title: [SRU] Fails on (and should be removed from) raspi desktop Status in protection-domain-mapper package in Ubuntu: Invalid Status in qrtr package in Ubuntu: Invalid Status in ubuntu-meta package in Ubuntu: Fix Released Status in protection-domain-mapper source package in Noble: Invalid Status in qrtr source package in Noble: Invalid Status in ubuntu-meta source package in Noble: Confirmed Bug description: [ Impact ] The Raspberry Pi pre-installed desktop images boot in systemd "degraded" state, as pd-mapper (from protection-domain-mapper) which is specific to Qualcomm Snapdragon hardware, is erroneously included on the images. This makes it difficult to figure out if something is *actually* wrong with the system as it appears something is "always" wrong. Furthermore, given comment 5 from the security team, it may constitute a security risk. [ Test Plan ] This was fixed in the oracular seed prior to release, thus only noble is affected. For the noble pre-installed desktop image: * Flash 24.04.1 image to a fresh SD card * Boot on any supported Pi model * systemctl status * Verify status is "degraded" * Enable proposed (https://wiki.ubuntu.com/Testing/EnableProposed) * sudo apt install -t noble-proposed ubuntu-desktop-minimal * sudo apt autoremove * Check that protection-domain-mapper is removed as no longer required * sudo reboot * systemctl status * Verify status is "running" and not "degraded" For Dave (not including full instructions for the sake of brevity, but if anyone else wants to try this I can provide instructions on request): * Build 24.04.2 image locally with proposed pocket * Check manifest output and ensure that protection-domain-mapper does *not* appear * Flash image to fresh SD card * Boot on supported Pi model * Run through initial setup * Reboot * systemctl status * Verify status is "running" [ Regression Potential ] The commit in question which is being reverted included three packages in desktop-minimal (for arm64 specifically): protection-domain-mapper, qrtr-tools, and flash-kernel. The first two are Qualcomm specific packages that should be removed. The third, flash-kernel, is actually required on the Raspberry Pi images, but should still be pulled in via the raspi-common platform seed. This is partly the reason for including a build of the raspi image in the test plan above (also to ensure that both upgraders and fresh installs will both see the fix). Other than this, the regression potential is low. The service in question (pd-mapper) simply fails on non-Qualcomm hardware, so unless something is actively relying on that failure (which would be ... odd), there should be no other effect. [ Original Description ] The protection-domain-mapper package (and qrtr-tools) are both installed by default on the Ubuntu Desktop for Raspberry Pi images, thanks to their inclusion in the desktop-minimal seed for arm64. However, there's no hardware that they target on these platforms, and the result is a permanently failed service (pd-mapper.service). It appears these were added to support the X13s laptop [1]. I've attempted to work around the issue by excluding these packages in the desktop-raspi seed (experimentally in my no-pd-mapper branch [2]) but this does not work (the packages still appear in the built images). Ideally, these packages should be moved into a hardware-specific seed for the X13s (and/or whatever other laptops need these things). Alternatively, at a bare minimum, the package should have some conditional that causes the service not to attempt to start when it's not on Qualcomm hardware. [1]: https://git.launchpad.net/~ubuntu-core-dev/ubuntu- seeds/+git/ubuntu/commit/desktop- minimal?id=afe820cd49514896e96d02303298ed873d8d7f8a [2]: https://git.launchpad.net/~waveform/ubuntu- seeds/+git/ubuntu/commit/?id=875bddac19675f7e971f56d9c5d39a9912dc6e38 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protection-domain-mapper/+bug/2062667/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
