** Description changed:

+ [ Impact ]
+
+ The Raspberry Pi pre-installed desktop images boot in systemd "degraded"
+ state, as pd-mapper (from protection-domain-mapper) which is specific to
+ Qualcomm Snapdragon hardware, is erroneously included on the images.
+ This makes it difficult to figure out if something is *actually* wrong
+ with the system as it appears something is "always" wrong.
+
+ Furthermore, given comment 5 from the security team, it may constitute a
+ security risk.
+
+ [ Test Plan ]
+
+ This was fixed in the oracular seed prior to release, thus only noble is
+ affected. For the noble pre-installed desktop image:
+
+ * Flash 24.04.1 image to a fresh SD card
+ * Boot on any supported Pi model
+ * systemctl status
+ * Verify status is "degraded"
+ * Enable proposed (https://wiki.ubuntu.com/Testing/EnableProposed)
+ * sudo apt install -t noble-proposed ubuntu-desktop-minimal
+ * sudo apt autoremove
+ * Check that protection-domain-mapper is removed as no longer required
+ * sudo reboot
+ * systemctl status
+ * Verify status is "running" and not "degraded"
+
+ For Dave (not including full instructions for the sake of brevity, but
+ if anyone else wants to try this I can provide instructions on request):
+
+ * Build 24.04.2 image locally with proposed pocket
+ * Check manifest output and ensure that protection-domain-mapper does *not* appear
+ * Flash image to fresh SD card
+ * Boot on supported Pi model
+ * Run through initial setup
+ * Reboot
+ * systemctl status
+ * Verify status is "running"
+
+ [ Regression Potential ]
+
+ The commit in question which is being reverted included three packages
+ in desktop-minimal (for arm64 specifically): protection-domain-mapper,
+ qrtr-tools, and flash-kernel. The first two are Qualcomm specific
+ packages that should be removed. The third, flash-kernel, is actually
+ required on the Raspberry Pi images, but should still be pulled in via
+ the raspi-common platform seed.
+
+ This is partly the reason for including a build of the raspi image in
+ the test plan above (also to ensure that both upgraders and fresh
+ installs will both see the fix).
+
+ Other than this, the regression potential is low. The service in
+ question (pd-mapper) simply fails on non-Qualcomm hardware, so unless
+ something is actively relying on that failure (which would be ... odd),
+ there should be no other effect.
+
+ [ Original Description ]
+
  The protection-domain-mapper package (and qrtr-tools) are both installed
  by default on the Ubuntu Desktop for Raspberry Pi images, thanks to
  their inclusion in the desktop-minimal seed for arm64. However, there's
  no hardware that they target on these platforms, and the result is a
  permanently failed service (pd-mapper.service).

  It appears these were added to support the X13s laptop [1]. I've
  attempted to work around the issue by excluding these packages in the
  desktop-raspi seed (experimentally in my no-pd-mapper branch [2]) but
  this does not work (the packages still appear in the built images).

  Ideally, these packages should be moved into a hardware-specific seed
  for the X13s (and/or whatever other laptops need these things).
  Alternatively, at a bare minimum, the package should have some
  conditional that causes the service not to attempt to start when it's
  not on Qualcomm hardware.

  [1]: https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/ubuntu/commit/desktop-minimal?id=afe820cd49514896e96d02303298ed873d8d7f8a

  [2]: https://git.launchpad.net/~waveform/ubuntu-seeds/+git/ubuntu/commit/?id=875bddac19675f7e971f56d9c5d39a9912dc6e38
--
https://bugs.launchpad.net/bugs/2062667

Title:
  [SRU] Fails on (and should be removed from) raspi desktop
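
The manifest and on-device checks from the test plan and regression notes in the message above can be scripted. This is an added example, not part of the bug report or any Ubuntu tooling; the function names are hypothetical, and the manifest layout (one `name[:arch]`, whitespace, version entry per line) is an assumption.

```shell
#!/bin/sh
# Added example: checks from the test plan and regression notes above.
# Package names come from the bug report; function names are hypothetical.

UNWANTED="protection-domain-mapper qrtr-tools"   # Qualcomm-only packages
REQUIRED="flash-kernel"                          # must survive the seed revert

# manifest_names FILE: package names from an image manifest, assuming one
# "name[:arch] <whitespace> version" entry per line.
manifest_names() {
    awk 'NF { sub(/:.*/, "", $1); print $1 }' "$1"
}

# check_manifest FILE: print one line per problem; return 1 if any found.
check_manifest() {
    rc=0
    names=$(manifest_names "$1")
    for pkg in $UNWANTED; do
        if printf '%s\n' "$names" | grep -qxF "$pkg"; then
            echo "unwanted: $pkg"; rc=1
        fi
    done
    for pkg in $REQUIRED; do
        if ! printf '%s\n' "$names" | grep -qxF "$pkg"; then
            echo "missing: $pkg"; rc=1
        fi
    done
    return $rc
}

# check_live: the on-device half of the test plan (needs systemd and dpkg).
check_live() {
    rc=0
    state=$(systemctl is-system-running) || true   # non-zero unless "running"
    [ "$state" = "running" ] || { echo "systemd state: $state"; rc=1; }
    for pkg in $UNWANTED; do
        if dpkg-query -W -f='${db:Status-Abbrev}' "$pkg" 2>/dev/null | grep -q '^ii'; then
            echo "still installed: $pkg"; rc=1
        fi
    done
    return $rc
}

# Usage: script MANIFEST  (check a built image's manifest), or: script --live
case "${1:-}" in
    "")     ;;                     # no arguments: only define the functions
    --live) check_live ;;
    *)      check_manifest "$1" ;;
esac
```

Run it with the manifest path after a local image build, and with `--live` on the booted Pi after the `apt autoremove` and reboot steps.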
