On 9/30/2020 8:17 AM, Chris Murphy wrote:
> On Wed, Sep 30, 2020 at 2:05 AM Marius Schwarz <fedoradev@cloud-foo.de> wrote:
>> Hi,
>>
>> the livecds from F32 and F33 are suffering from a problem not booting on
>> Microsoft device(s)
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1879921
>> https://bugzilla.redhat.com/show_bug.cgi?id=1883593
>>
>> F31 is booting fine, the newer ones not. Looks like a GrubBootloader
>> issue to me, as not even grub comes up.
> That suggests the scary region of firmware, hybrid ISO, shim, and boot loader.
>
> The bug reports have the wrong component set on them, and aren't
> discrete actionable bug reports. It's just saying "this doesn't work"
> but the people most likely to figure out what *is* happening are those
> with this specific hardware.
>
>> An instant reset back into the bios happens if a usb boot is tried.
> Sounds like both a regression and a firmware bug. Maybe we'll be lucky
> and someone on the list has an idea already. But if not, someone with
> the hardware will have to do the tedious work of figuring out exactly
> where it's getting tripped up.
>
>
>> Unfortunatly the assignee is not reacting and i would really miss my
>> linux surface after upgrading to F32 :D
> I have no idea what the LiveCD component is, but the bug report
> contains so little information I also don't know what I'd reassign it
> to. Asking about it on devel is probably the right thing to do for
> now.
I can confirm this bug does exist. Attempting to boot on my Surface Pro
4 requires secure boot to be momentarily shut-off. SB actually is
reporting a secure boot violation for whatever reason. I have reason to
believe that the UEFI files are missing correct signing, or that signing
needs to be updated.
I have also seen SB failures with my Dell laptop with SB enabled, but
those are easier to work around than going nuclear on a Surface Pro and
shutting-off secure boot.
F31 and F32 are unaffected, this appears to have started with F33.
The Fedora secure boot signing keys were updated after F32 was initially released to deal with the grub2 problems found during the summer. I believe some systems have needed firmware updates from the manufacturer to work with the new key because they worked by white listing the old set, and don't know how to handle when a new key signed and authorized is presented. I don't know how the Surface Pro does its firmware updates and if one is needed.
--
Erich Eickmeyer
Project Leader Ubuntu Studio
Maintainer Fedora Jam
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org