Ubuntu
shim-signed package

  1. Bug #2008120
  2. Comment #0

Comment 0 for bug 2008120

Revision history for this message
Aaron Rainbolt (arraybolt3) wrote : Third-party drivers are silently left unsigned when installing Ubuntu Desktop on a system with Secure Boot, Broadcom WiFi, and LVM+encryption

Hardware: HP Elitebook 8570p, 120 GB SSD, 16 GB RAM, Intel Core i5-3210m, UEFI, Secure Boot enabled.

Steps to reproduce:
1. Flash the Ubuntu Desktop ISO to a USB drive using balenaEtcher. (I flashed mine to an SD card using an SD card slot in a different laptop, then put the SD card in a card reader and booted this laptop from it, but that shouldn't make any difference.)
2. Using the new USB drive, boot a laptop with UEFI, Secure Boot enabled, and Broadcom WiFi.
3. When the welcome screen appears, click "Install Ubuntu".
4. When given the option, enable third-party drivers and enter a password for configuring Secure Boot.
5. When presented with the 'Installation type' screen, choose to erase the entire disk and install Ubuntu, then enable LVM+encryption.
6. Proceed with the rest of the installation as normal.
7. When installation is finished, reboot. You will see the MOK enrollment screen.
8. Enroll the MOK using the same password you entered during the installation process.
9. Reboot again.

Expected result: When the Ubuntu desktop appears, WiFi should be fully functional.

Actual result: WiFi is disabled when the Ubuntu desktop appears, and cannot be enabled.

Notes:

Attempting to manually load the Broadcom WiFi driver via "sudo modprobe wl" resulted in the error "modprobe: ERROR: could not insert 'wl': Key was rejected by service".

I was able to get WiFi working after installation by running "sudo dpkg-reconfigure bcmwl-kernel-source". This prompted me to enroll a MOK *a second time*. I used the same password for the second enrollment. I rebooted the system after using dpkg-reconfigure and I was indeed presented with the MOKManager screen. After enrolling this second MOK, I rebooted and WiFi worked as expected.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubiquity (not installed)
ProcVersionSignature: Ubuntu 5.19.0-32.33~22.04.1-generic 5.19.17
Uname: Linux 5.19.0-32-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Wed Feb 22 12:13:32 2023
InstallCmdLine: BOOT_IMAGE=/casper/vmlinuz file=/cdrom/preseed/ubuntu.seed maybe-ubiquity quiet splash ---
InstallationDate: Installed on 2023-02-22 (0 days ago)
InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230217.1)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ubiquity
UpgradeStatus: No upgrade log present (probably fresh install)