Provide better error message when MokManager is not found #663
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If MokManager has to be entered but system is booting on disk on EFI/BOOT/BOOTx.EFI entry, MokManager cannot be found because it's not in that directory. This indicates an issue with the BootOrder or the UEFI firmware is just not taking BootOrder into account (seen on Lenovo ThinkPad P1 Gen 6 and VMWare). This patch prints a related message and reboots after 10 seconds. Reproducer: 1. Import a certificate using mokutil 2. Tell UEFI to boot on BOOTX64.EFI entry on next boot Result without the patch with verbosity: ----------------------------------------------------------------------- mok.c:1045:import_mok_state() checking mok request shim.c:866:load_image() attempting to load \EFI\BOOT\mmx64.efi Failed to open \EFI\BOOT\mmx64.efi - Not Found Failed to load image 貘給: Not Found shim.c:888 load_image() Failed to open \EFI\BOOT\mmx64.efi - Not Found shim.c:1115 read_image() Failed to load image 貘給: Not Found Failed to start MokManager: Not Found mok.c:1047:import_mok_state() mok returned Not Found Something has gone seriously wrong: import_mok_state() failed: Not Found ----------------------------------------------------------------------- Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Without the patch: ----------------------------------------------------------------------- Failed to open \EFI\BOOT\mmx64.efi - Not Found Failed to load image 貘給: Not Found ----------------------------------------------------------------------- With the patch: ----------------------------------------------------------------------- Failed to open \EFI\BOOT\mmx64.efi - Not Found Failed to load image \EFI\BOOT\mmx64.efi: Not Found ----------------------------------------------------------------------- Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
rmetrich
force-pushed
the
MokManager_not_found
branch
2 times, most recently
from
6a8b204
to
a0695a8
Compare
Required because is_removable_media_path() is implemented in shim.c but shim.c cannot be sourced for unit tests because of dependencies on openssl files. Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If MokManager has to be entered but system is booting on disk on
EFI/BOOT/BOOTx.EFIentry, MokManager cannot be found because it's not in that directory.This indicates an issue with the BootOrder or the UEFI firmware is just not taking BootOrder into account (seen on Lenovo ThinkPad P1 Gen 6 and VMWare).
This patch prints a related message and reboots after 10 seconds.
Reproducer
Result without the patch (with verbosity enabled)
Result with the patch
Box with title "Could not find MokManager" and message "Boot Order must be misconfigured or not honored by the UEFI firmware.", then system rebooted after 10 seconds (in hope the BootOrder will be good next time).