Ubuntu
shim package

shim-signed package can not be configured on Lenovo Yoga C630 WOS

Bug #1853022 reported by RussianNeuroMancer on 2019-11-18

This bug report is a duplicate of: Bug #1851955: installation fails in grub-install with: efivarfs_set_variable: writing to fd <N> failed: Invalid argument. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	grub2 (Ubuntu)	New	Undecided	Unassigned
	shim (Ubuntu)	New	Undecided	Unassigned

Bug Description

Hello!

Besides issue with shim itself described in Bug 1849863 I noticed that there is also issue with shim-signed package installation script. Attempt to install shim-signed on Lenovo Yoga C630 WOS cause following errors and left shim-signed package in unconfigured state, which will cause more issues later on (for instance update-manager will always try configure shim-signed on every upgrade).

Installing for arm64-efi platform.
grub-install: warning: Cannot set EFI variable Boot0000.
grub-install: warning: efivarfs_set_variable: writing to fd 7 failed: Invalid argument.
grub-install: warning: efivarfs_set_variable: failed to unlink /sys/firmware/efi/efivars/Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c: Invalid argument.
grub-install: warning: _efi_set_variable_mode: ops->set_variable() failed: Invalid argument.
grub-install: error: failed to register the EFI boot entry: Invalid argument.
dpkg: error processing package shim-signed (--configure):
installed shim-signed package post-installation script subprocess returned error exit status 1
Processing triggers for man-db (2.8.7-3) ...
Errors were encountered while processing:
shim-signed
E: Sub-process /usr/bin/dpkg returned an error code (1)
Setting up shim-signed (1.39+15+1533136590.3beb971-0ubuntu1) ...

Revision history for this message

Dimitri John Ledkov (xnox) wrote on 2019-12-15:

It is correct, On the yoga C630 WOS normal UEFI variable writting is not supported by the hardware firmware.

At most, I have managed to use Windows 10 utilities to override the path of the windows bootloader to point at the grub efi app, and can be done to point at the shim.

Revision history for this message

RussianNeuroMancer (russianneuromancer) wrote on 2019-12-15:

Isn't these ARM laptops is only aarch64 devices that need signed shim to boot with enabled Secure Boot? Maybe it's make sense to modify shim-signed package to not fail if UEFI variable can not be modified and throw warning message instead?

I propose this because AFAIK this "UEFI variable writing" issue is not going anywhere anytime soon, and current version of the script prevent regular distribution upgrades because shim-signed package installation/upgrade will always fail.